A context-dependent attacker can execute arbitrary code by exploiting a memory corruption vulnerability during the handling of pub files.
A local buffer overflow vulnerability exists in Zoner Photo Studio v15 Build 3 (Zps.exe) when parsing a specially crafted registry value. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
A context-dependent attacker can execute arbitrary code by exploiting a memory corruption vulnerability during the handling of xls files.
netOffice Dwins is vulnerable to SQL Injection. The vulnerability exists in the 'reports/export_leaves.php' and 'users/exportuser.php' scripts. In the 'reports/export_leaves.php' script, the vulnerable parameter is 'S_ATSEL' which is used in the SQL query at line 5. In the 'users/exportuser.php' script, the vulnerable parameter is 'id' which is used in the SQL query at line 4.
The AVerCaster Pro RS3400 video-streaming solution from AVerMedia is vulnerable to a directory traversal bug. The whole filesystem (at least the locations accessible to the user running the web service) can easily be reached from the web using a crafted URL.
Using the web interface of Xivo 1.2, an attacker can download any file from the system because the web application runs with root privileges. This can allow an attacker to download cleartext passwords, /etc/passwd, /etc/shadow and many other files.
This module uses valid credentials to log in to the WinRM service and execute a payload. It has two available methods for payload delivery: PowerShell 2.0 and VBS CmdStager. The module checks whether PowerShell 2.0 is available and, if so, uses that method. Otherwise it falls back to the VBS CmdStager, which is less stealthy.
A SQL injection vulnerability exists in the "failed_access_blocker" plugin of Zenphoto 1.4.3.3 and earlier versions. The vulnerability is due to insufficient sanitization of user-supplied data in the "X_FORWARDED_FOR" HTTP header. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application's database.
This paper describes realistic attacks against networks using Sophos products. It includes a working pre-authentication remote root exploit that requires zero interaction, and could be wormed within the next few days.
CheckPoint/Sofaware firewalls are popular compact UTM (Unified Threat Management) devices, commonly found deployed in corporate satellite offices and sometimes even within private households. ProCheckUp has discovered that multiple persistent XSS, XSS, XSRF, offsite redirection and information disclosure vulnerabilities exist within these firewalls, which might allow the protective nature of the firewall to be subverted, placing internal users at risk from attack. An attacker may be able to cause execution of malicious scripting code in the browser of a user who clicks on a link to a CheckPoint firewall-hosted page. Such code would run within the security context of the target domain. This type of attack can result in non-persistent defacement of the web site, or the redirection of confidential information to unauthorised third parties.