Explore Vulnerabilities

Explore all Exploits:

EternalBlue exploit for Windows 7/2008 by sleepya

The EternalBlue exploit for Windows 7/2008 by sleepya is a buffer overflow exploit that uses the HAL heap (at address 0xffffffffffd00010 on x64) to place a fake struct and shellcode. The exploit trick is the same as in the NSA exploit, and the overflow occurs in the nonpaged pool. The exploit uses SMB_COM_TRANSACTION2 to allocate the srvnet buffer and SMB_COM_NT_TRANSACT to control the srvnet buffer.

EternalBlue

EternalBlue is a cyberattack exploit developed by the U.S. National Security Agency (NSA) according to leaks by the Shadow Brokers hacker group. It was leaked by the Shadow Brokers on April 14, 2017, one month after Microsoft released patches for the vulnerability. EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. It has been used as part of the ransomware WannaCry, the worldwide cyberattack on May 12, 2017, and the cyberattack NotPetya on June 27, 2017.

Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields

An authenticated user could become a victim of the described attack simply by navigating to the infected page, because the comment visualization executes the injected JavaScript code. Conversely, any user able to write a comment could become an attacker by introducing JavaScript into the comment body.

SQL injection in INFOR EAM V11.0 Build 201410 search fields (web/base/..) via filtervalue parameter

This vulnerability allows full database access, including sensitive information that should normally be accessible only to specific users. An attacker could dump the user table, which contains usernames and password hashes, brute-force the passwords offline and possibly obtain administrative credentials, or access private files and personal details such as telephone numbers, physical addresses and private assets.

Unpatched Mozilla Firefox v50 – v55 Stack Overflow DoS Vulnerability

A stack overflow DoS vulnerability affecting Firefox versions 50 through 55 was discovered by Geeknik Labs. This flaw does NOT affect ESR 45 or the latest version of the Tor Browser Bundle. It can be triggered simply by visiting a website with the PoC code embedded in it; no further user interaction or special privileges are required. Successful exploitation results in the browser tab crashing.

BuilderEngine Arbitrary File Upload Vulnerability and execution

This module exploits a vulnerability found in BuilderEngine 3.5.0 via elFinder 2.0. The jquery-file-upload plugin can be abused to upload a malicious file, which would result in arbitrary remote code execution under the context of the web server.

Dup Scout Enterprise GET Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in the web interface of Dup Scout Enterprise v9.5.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows 7 SP1 x86.

Windows: Running Object Table Register ROTFLAGS_ALLOWANYCLIENT EoP

By setting an appropriate AppID, it is possible for a normal user process to set a global ROT entry, which can be abused to elevate privileges. When registering an object in the ROT, the default is to expose that registration only to the same user identity on the same desktop/window station. However, an entry can be registered for all users/contexts by using the ROTFLAGS_ALLOWANYCLIENT flag. This flag is documented as usable only if the COM process is a Local Service or a RunAs application, but there are two clear problems with the check. First, a RunAs COM object created in the current session would typically run at the same privilege level as the caller, so an application wanting to abuse this feature could inject code into that process. Secondly, while it is not possible to register a per-user COM object that specifies a RunAs AppID, it is possible to explicitly set the AppID when creating the object.

The attached swf causes an out-of-bounds read in getting the width of a TextField

A vulnerability in Adobe Flash Player allows an attacker to read data from memory locations outside of the intended bounds of a TextField object. This can be exploited to leak sensitive information from the memory of the application.
