A Denial of Service (DoS) vulnerability exists in the TEC-IT TBarCode OCX ActiveX Control (TBarCode4.ocx 4.1.0) due to an access violation caused by a comparison of a byte pointer with the value 5. The vulnerability can be triggered by a specially crafted request sent to the vulnerable application. This can result in a crash of the application.
After logging into the system, go to your user's profile page. Click 'Change Cover' and then 'Upload Cover' to select the '*.php' file you want to send. Once selected, the file is uploaded to a temporary area; the system detects that the format is not valid but does not remove the file, allowing access later. An error message is displayed on the screen. Access can be gained by going to '/srv/www/htdocs/XXXXXXXXXXX/public/temporary/timeline/cover_original_8.php' and exploiting the vulnerability with a command such as 'cat /etc/passwd' or 'cat ../../../install/config/auth.php'.
This module exploits the HP Data Protector omniinet process, on Windows only. It invokes the install service function, which allows for a reverse TCP payload to your host. To ensure this works, the SMB server must have a share called Omniback which has a subfolder i386, i.e. \\192.168.1.1\Omniback\i386. (2012-13-07, Ben Turner)
A vulnerability in Novell Client 2 SP3 allows for privilege escalation. The first public information about this bug was from Nikita Tarakanov @NTarakanov. An exploit for demonstration purposes was created and tested on Windows 7 and 8 (x86) / nicm.sys 3.1.11.0. It does not bypass SMEP on Windows 8. A Metasploit module is available for Windows 7.
FluxBB suffers from cross-site scripting, cross-site request forgery and URL redirect vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed via the 'redirect_url' parameter in the 'misc.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website, e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. It also fails to properly sanitize user-supplied input to the 'form[board_title]' POST parameter in the 'admin_options.php' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
A remote command execution web vulnerability is detected in the WebDisk v3.0.2 application (Apple iOS - iPad & iPhone). The vulnerability allows a remote attacker to execute code inside a vulnerable web application module to compromise the device. The vulnerability is located in the afgetdir.ma file when processing requests with manipulated path parameters. Remote attackers can execute code from the main application index by using the upload input field.
A persistent input validation web vulnerability is detected in the Private Photos v1.0 application (Apple iOS - iDevice). The vulnerability allows remote attackers to inject their own malicious script code into the application side of the vulnerable service module. The vulnerability is located in the `photo` value of the `/upload` POST method request. The request method to inject is POST and the attack vector is located on the application side.
Exploits a host of vulnerabilities discovered in OpenEMM. The required ws.wsdl file should be in the local directory.
SEC Consult has identified several vulnerabilities within the components of Symantec Web Gateway in the course of a short crash test. Some components have been spot-checked, while others have not been tested at all. Several of the discovered vulnerabilities below can be chained together in order to run arbitrary commands with the privileges of the 'root' user on the appliance. An attacker can get unauthorized access to the appliance and plant backdoors or access configuration files containing credentials for other systems (e.g. Active Directory/LDAP credentials) which can be used in further attacks. Since all web traffic is routed through the appliance, an attacker can also manipulate the traffic and inject malicious content.
In Struts 2 before 2.3.15.1, the information following "action:", "redirect:", or "redirectAction:" is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility of injecting server-side code.