Unhandled Access Violation Exception loading generated .amr file - 1.1.10 not affected!
By browsing to a script / page, that uses the following file: typo3/sysext/workspaces/Classes/Controller/AbstractController.php (direct access may not be allowed) It is possible to include PHP code to be executed via the "BACK_PATH" global variable. This can be accessed in ways like: AbstractController.php?BACK_PATH=LFI/RFI%00 The vulnerable piece of code: require_once($GLOBALS['BACK_PATH'] . 'template.php'); Demonstrates, that it is necessary to append a null-byte ( %00 ) after the maliciously crafted input / URL. (Unless your remote file if applicable, is named something.template.php)
The vulnerability exists in the rate.php, view.php and pop.php scripts, where an attacker can inject malicious SQL queries to the application. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'id' in the 'report.php' page. This can be used to extract sensitive information from the database or even execute system commands.
This module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9, by sending a crafted payload to the vulnerable application.
This exploit is related to VMware WorkStation 12.5.5 and before. It is a heap manipulation exploit which can cause host process crash. It is tested on Win10 x64 and VMware 12.5.2 build-4638234.
Universal JDWP shellifier is a python script that can be used to exploit a vulnerability in the Java Debug Wire Protocol (JDWP) to gain remote code execution. The script creates a JDWP packet and sends it to the target host, which then allows the attacker to execute arbitrary code on the target system.
MDwiki is a wiki/CMS system built entirely on HTML5/Javascript technology and runs entirely on the client. The vulnerability occurs when the program gets the location The .hash value (normally test.md) is parsed and the ajax request is dynamically added to the page. The variable b gets the value after location.hash #! and URLDecode, which is then assigned to a.md.mainHref. The content will be requested by a.md.mainHref, and the b variable will be a:page content after completion. The e value is dynamically generated by the marked library, and the b variable is the payload, which can be used to inject malicious code.
XML External Entity Injection (XXE) vulnerability in MHT file processing allows an attacker to read arbitrary files on the server, or perform remote requests, or even perform server-side request forgery (SSRF) attacks. This vulnerability is caused by the application's failure to properly sanitize user-supplied input before using it to parse an XML document. An attacker can exploit this vulnerability by crafting a malicious MHT file and sending it to the application.
A logic issue existed in the handling of the parent-tab which allowed maliciously crafted web content to lead to universal cross site scripting. An exploit by Frans Rosén was a data:text/html script which opened a parent-tab to apple.com and injected an image tag with an onerror attribute which triggered an alert with the document.domain and document.cookie.
Services By CQR