The Vulnerability Laboratory Researcher Team discovered multiple vulnerabilities in the MYREs Real Estate Mobile Application (2012 Q2). The vulnerability allows remote attackers to inject their own malicious script code into the application side of the vulnerable module. It is located in the `name` value of the `contact` module. The injection uses the POST request method, and the attack vector is located on the application side. The security risk of the vulnerability is rated critical, with a CVSS (Common Vulnerability Scoring System) score of 8.5. Exploitation requires no user interaction and no privileged web-application user account. Successful exploitation results in session hijacking, persistent phishing attacks, persistent external redirects to malicious sources, and persistent manipulation of affected or connected module context.
This exploit is a proof of concept and requires a specific target environment. It works by using %n to overwrite the object's vtable with a controlled value (string length + %YYx to pad out to the arbitrary fake vtable). During the application's authentication routine, the strings sent as USER/PASS are allocated from a heap and then freed to the lookaside (as long as the string length is < 1016 bytes). Because this address is relative and has a static base in this environment, the exploit is able to use the heap chunk address as the pointer written into the vtable.
This module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows arbitrary file upload and remote code execution via the uploadify.php script. Foxypress plugin versions 0.4.2.1 and below are vulnerable.
F5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.
The vulnerability is caused by a boundary error in the processing of a playlist file, which can be exploited to cause a heap-based buffer overflow when a user opens, for example, a specially crafted .M3U file. Successful exploitation could allow execution of arbitrary code on the affected node.
This exploit allows an attacker to bypass authentication and gain root access to a MySQL server. It is done by using the 'mysql' command with the '--password=blah' argument, which allows the attacker to bypass authentication.
This exploit allows an attacker to bypass authentication and gain root access to the F5 BIG-IP appliance. The exploit involves writing a private RSA key to a file, then using the SSH command to connect to the appliance as root. The exploit was written by Dave Kennedy (ReL1K) and was published on his website secmaniac.com.
A zero-day vulnerability exists in the kernel-mode library ATMFD.DLL, which the OS uses for working with PostScript-based OpenType font files (.OTF). Opening a malicious .OTF font file, which can be embedded in a Microsoft Office document or web page, causes a BSoD on NT 5.x (Windows XP, Server 2003) and 100% CPU usage on NT 6.x (Vista, 7, Server 2008). The point of vulnerability is the invalid decoding of the 0x0d byte in the Type 2 Charstring Format glyph, which drops the ATMFD.DLL code into an infinite loop.
This module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service, caused by the insecure use of the exec() function. The module abuses the spywall/ipchange.php file to execute arbitrary OS commands without authentication.
Vulnerable BIG-IP installations allow unauthenticated users to bypass authentication and log in as the 'root' user on the device. The SSH private key corresponding to the following public key is public and present on all vulnerable appliances.