The vulnerability allows an attacker to inject SQL commands and access the user panel.
NoMachine uses a file called nxexec to execute various actions as superuser. nxexec allows sh files to be executed within a sandboxed path; additional checks, such as the parent process name and parent process path, are performed to ensure that only NoMachine applications are allowed to execute nxexec. nxnode.bin allows a local path to be spoofed via the NX_SYSTEM environment variable, which is used to craft a path where a Perl file will be executed. This PoC exploits the NX_SYSTEM variable to allow a custom Perl file to call nxexec and execute the privileged nxcat.sh script in order to read any file on the filesystem.
The vulnerability has been confirmed on Windows 10 Enterprise 64-bit (OS version 1607, OS build 14393.1198) and Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393. An attacker can put data they control at array+offset; they would then be able to call this->_UpdateSelected with a controlled argument, which presumably would be sufficient to turn this into a write primitive.
The vulnerability allows an attacker to inject SQL commands.... Proof of Concept: http://localhost/[PATH]/index.php?dll=music&sub=search&keyword=[SQL] '+aND(/*!00002SelEcT*/+0x30783331+/*!00002frOM*/+(/*!00002SelEcT*/+cOUNT(*),/*!00002cOnCaT*/((/*!00002sELECT*/(/*!00002sELECT*/+/*!00002cOnCaT*/(cAST(dATABASE()+aS+/*!00002cHAR*/),0x7e,0x496873616E53656e63616e))+/*!00002FRoM*/+iNFORMATION_sCHEMA.tABLES+/*!00002wHERE*/+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(/*!00002rAND*/(0)*2))x+/*!00002FRoM*/+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+/*!00002aNd*/+''='
ClipBucket 2.8.3 is vulnerable to Blind SQL Injection, Arbitrary File Read/Write and Default & Weak admin password. Blind SQL Injection can be exploited by sending a maliciously crafted HTTP request with a specially crafted cid parameter. Arbitrary File Read/Write can be exploited by sending a maliciously crafted HTTP request with a specially crafted file parameter. Default & Weak admin password can be exploited by using the default username and password combination of 'admin'.
Internet Download Manager 6.28 Build 17 is vulnerable to a SEH Buffer Overflow (Unicode) vulnerability. An attacker can exploit this vulnerability by crafting a malicious payload and sending it to the vulnerable application. The payload is then executed in the context of the application, allowing the attacker to gain control of the affected system.
A buffer overflow vulnerability exists in ALL Player v7.4 due to improper bounds checking of user-supplied input. This vulnerability is due to an SEH (Structured Exception Handler) overwrite. An attacker can exploit it to execute arbitrary code in the context of the application. The issue is triggered when a maliciously crafted .m3u file is opened in ALL Player v7.4. This issue is also known as CVE-2017-14077.
Xamarin Studio is an Integrated Development Environment (IDE) used to create iOS, Mac and Android applications. Xamarin Studio supports development in C# and F# (by default). The API documentation update mechanism of Xamarin Studio for Mac is installed as setuid root. This update mechanism contains several flaws that could be leveraged by a local attacker to gain elevated (root) privileges.
Quali CloudShell (v7.1.0.6508 Patch 6) is vulnerable to multiple stored XSS vulnerabilities on its platform. These can be exploited to execute arbitrary HTML and script code against all users (including administrators) from a low-privileged account.
RPi Cam Control <= v6.3.14 is vulnerable to Local File Read and Blind Command Injection. Local File Read can be done by sending a POST request to the preview.php page with the file path as a parameter. Blind Command Injection can be done by sending a POST request to the preview.php page with the command as a parameter. Blind Command Injection can be used with Local File Read to properly get the output of the injected command.