The gig::Region::Region function in gig.cpp in libgig 4.0.0 can cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
WebCTRL suffers from an authenticated arbitrary code execution vulnerability. The issue is caused by improper verification of uploaded add-on (.addons or .war) files in the uploadwarfile servlet. This can be exploited to execute arbitrary code by uploading a malicious web archive file that will run automatically and can be accessed from within the webroot directory. Additionally, an improper authorization issue occurs when using the 'anonymous' user. By specification, the anonymous user should not have permission to upload or install add-ons. In this case, when using the anonymous user, an attacker is still able to upload a malicious file via insecure direct object reference and execute arbitrary code. The anonymous user was removed from version 6.5 of WebCTRL.
The vulnerability is triggered by an authenticated user who can use the manualcommand console in the management panel of the affected application. The ManualCommand() function in ManualCommand.js allows users to run additional diagnostics and get an overview of settings by using a pre-defined set of commands. This can be exploited by using the echo command to write and/or overwrite arbitrary files on the system, including through directory traversal across the system.
The WebCTRL server/service suffers from an elevation of privileges vulnerability that allows a simple authenticated user to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) set for the 'Authenticated Users' group. The application also suffers from an unquoted search path issue impacting the 'WebCTRL Service' service for Windows, deployed as part of the WebCTRL server solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
VX Search Enterprise v9.9.12 is vulnerable to a buffer overflow in the 'Import Command' feature. An attacker can exploit this vulnerability by creating a specially crafted XML file and importing it into the application. This will cause a buffer overflow and allow the attacker to execute arbitrary code on the target system.
Disk Savvy Enterprise v9.9.14 is vulnerable to a buffer overflow when importing a specially crafted XML file. An attacker can exploit this vulnerability by creating a malicious XML file and then importing it into the application. This will cause a buffer overflow and allow the attacker to execute arbitrary code on the target system.
This module exploits an unsafe JavaScript API implemented in PDF-XChange Viewer. The launchURL() function allows an attacker to execute local files on the file system and bypass the security dialog.
Disk Pulse Enterprise 9.9.16 is vulnerable to a buffer overflow when importing a specially crafted XML file. An attacker can exploit this vulnerability by creating a malicious XML file and then importing it into the application. This will cause a buffer overflow and allow the attacker to execute arbitrary code on the target system.
PHPMyWind 5.3 is vulnerable to Cross-Site Scripting (XSS) due to insufficient filtering of user-supplied input. An attacker can inject malicious JavaScript code into the 'nickname', 'contact' and 'content' parameters of the 'message_update.php' script, which is then stored in the database and executed in the browser of an unsuspecting user when the malicious message is viewed.
The vulnerability allows an attacker to inject SQL commands into the 'joke_id' parameter of the 'print.php' script. An example of a malicious payload is provided.