An attacker can inject arbitrary SQL commands into the 'pid' parameter of the product_view1.php script, allowing them to access or modify the underlying database.
A remote Denial of Service exists in Kiwi Syslog 9.6.1.6 in the TCP listener. Apparently any data sent to it makes it crash because of a Type Mismatch error. The syslog TCP listener is disabled by default.
The vendor has been informed about the vulnerability and is going to release a fix. Joysale v2.2.1 (latest version) is vulnerable to attack. While uploading an image file, you can change its content; the only user-side control is on the file type. After you post vulnerable code via file upload, the server saves your file in the temp folder.
The mad_decoder_run function in decoder.c in libmad 0.15.1b can cause a denial of service (memory corruption) via a crafted mp3 file. I found this bug when I tested mpg321 0.3.2, which uses the libmad library.
A vulnerability exists in SOL.Connect ISET-mpp meter 1.2.4.2 and possibly earlier versions, which allows an attacker to bypass authentication and gain administrative access. This is achieved by sending a specially crafted HTTP request with an SQL injection payload in the user parameter.
When XPC serializes large xpc_data objects it creates mach memory entry ports to represent the memory region, then transfers that region to the receiving process by sending a send right to the memory entry port in the underlying mach message. By crafting our own xpc message (or using an interposition library, as this PoC does) we can pass different flags to mach_make_memory_entry_64 such that the memory entry received by the target process actually represents a region of shared memory: when the xpc_data deserialization code maps the memory entry port, the memory region remains mapped in the sender's address space and the sender can still modify it (with the receiver seeing the updates). This can be turned directly into controlled memory corruption by targeting the serialized method type signature (key 'ty'), which is parsed by [NSMethodSignature signatureWithObjCTypes:].
A vulnerability exists in VehicleWorkshop where an attacker can upload a malicious file or shell via a regular or customer user account. An attacker can exploit this vulnerability by logging into any customer account or creating an account, navigating to http://192.168.1.13/sellvehicle.php and uploading a malicious file. The malicious file can be uploaded using a POST request.
Navigate to the admin or customer login page and submit ' OR 1 --+ for username and password to gain access to the admin or customer area.
This PoC will upload AcronisInstaller.exe to the root of C:. It will use the directory traversal vulnerability to pull down the log files and parse for the base64 encoded credentials. Once it has that, it will use them to log into the application and upload the malicious zip file.
This module exploits an information disclosure vulnerability found in Advantech SUSIAccess <= version 3.0. The vulnerability is triggered when sending a GET request to the server with a series of dot-dot-slash sequences (../) in the file parameter.