
Explore Vulnerabilities


Explore all Exploits:

nuevoMailer version 6.0 and earlier time-based SQL Injection

SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter.

PoC:
https://vulnerable_site.com/inc/rdr.php?r=69387c602c1056c556 [time-based SQL injection]
https://vulnerable_site.com/inc/rdr.php?r=69387c602c1056c556%20and%20sleep(10)--+
sqlmap -u "http://vulnerable_site.com/inc/rdr.php?r=120c44c5" --dbms=mysql -p r --tamper=equaltolike,between --hostname --technique=T -v 3 --random-agent --time-sec=4

NB: the "equaltolike" and "between" tamper scripts are used to defeat filtering. Because the technique is time-based, data retrieval may take longer than usual.

iBall Baton iB-WRA150N Unauthenticated Remote DNS Change Exploit

The vulnerability exists in the web interface, which is accessible without authentication. Once the DNS settings are modified, affected systems use foreign DNS servers, which are usually set up by cybercriminals. Users of vulnerable systems or devices who try to access certain sites are instead redirected to possibly malicious sites. Modifying a system's DNS settings allows cybercriminals to perform malicious activities such as steering unknowing users to bad sites, replacing ads on legitimate sites, controlling and redirecting network traffic, and pushing additional malware.

Out-of-Bounds Write in tryCreateArrayButterfly()

tryCreateArrayButterfly() is a function in the JavaScriptCore library of WebKit which is used to create a JSArray object. It allocates a fixed-size block of memory regardless of the initialLength parameter, so an initialLength greater than that fixed size leads to an out-of-bounds write. A proof-of-concept exploit is provided which uses the Intl.getCanonicalLocales() function to trigger the vulnerability.

IntegerCheckCombiningPhase::handleBlock Signed Comparison Vulnerability

When compiling JavaScript code into machine code, bounds checks for all accesses to a typed array are also inserted. These bounds checks are then re-optimized and unnecessary checks are removed; this is performed by IntegerCheckCombiningPhase::handleBlock. The problem is that the check |data.m_addend > range.m_maxBound| is a signed comparison. This vulnerability can be exploited by using a negative index into the typed array, which bypasses the signed comparison check and allows the attacker to write to arbitrary memory locations.

Out-of-Bounds Read in Array.prototype.splice()

The Array.prototype.splice() method in JavaScript can be used to trigger an out-of-bounds read. This vulnerability can be exploited by creating an array with a large number of elements and then calling the splice() method on it. The vulnerability is triggered by specially crafted JavaScript code that causes the array to be allocated in a memory region that is not properly initialized. This leads to an out-of-bounds read, which can be used to leak sensitive information.

fastSlice

After JSGlobalObject::haveABadTime is called, all JavaScript arrays (including newly created arrays) have the same type: ArrayWithSlowPutArrayStorage. This type confusion can be exploited by using the fastSlice function, which allows an array to be copied from one JSGlobalObject to another. This can lead to memory corruption and other security issues.

IBM Informix Dynamic Server doconfig PHP Code Injection Remote Code Execution Vulnerability (0DAY)

IBM Informix Dynamic Server doconfig is vulnerable to a PHP code injection remote code execution vulnerability. This vulnerability is caused by a lack of input validation in the 'run()' function in the 'index.php' file. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, allowing the attacker to execute arbitrary code on that server.

KBVault MySQL v0.16a – Unauthenticated File Upload to Run Code

The KBVault MySQL Free Knowledge Base application package ships with a third-party file management component. An unauthenticated user can access the file upload (and delete) functionality using the following URI: http://host/FileExplorer/Explorer.aspx?id=/Uploads. Through this functionality a user can upload an ASPX script to run arbitrary code, e.g.: http://host/Uploads/Documents/cmd.aspx.

BSoD on Windows 7 x86 / Windows 10 x86 + Avast Premier / Avast Free Antivirus (11.1.2253)

There is a memory corruption vulnerability in aswSnx.sys when the DeviceIoControl API is called with IOCTL number 0x82ac0170. An attacker may leverage this vulnerability to execute arbitrary code in the context of SYSTEM.
