Explore Vulnerabilities

Explore all Exploits:

Exploit QNAP PhotoStation 5.2.4 and MusicStation 4.8.4 Authentication Bypass

The vulnerability exists due to the lack of proper sanitization of the `$_COOKIE[STATIONSID]` parameter, which is used inside a SQL statement. An attacker can send a specially crafted HTTP request with a malicious cookie value to bypass authentication and gain access to the application.

MS17-010

SMBv1 is prone to a remote code execution vulnerability (MS17-010) because the server fails to perform adequate boundary checks on user-supplied input. The trigger point is the function `unsigned int __fastcall SrvOs2FeaToNt(int a1, int a2)`, which does not adequately bounds-check the user-supplied data it converts, allowing an out-of-bounds (OOB) write.

Discover all tables and columns in database when creating new customer role

Any website visitor can access a page that allows creation of a new customer role. While creating the role, the database schema is exposed, showing all tables and their columns. It does not show the data in the database, only the schema.

Access and read and create vendor / API credentials in plaintext

Any website visitor can access a page that allows viewing and creating any vendor account and its credentials, including those of all applications that use Personify APIs. It shows the username, password and block (API password). New accounts can be created, or existing accounts can be used to spoof the origin of the attacker. Additionally, roles can be modified for existing vendors.

TALOS-2017-0293

An exploitable off-by-one write vulnerability exists in the X.509 certificate parsing functionality of wolfSSL library versions up to 3.10.2. A specially crafted X.509 certificate can cause a single out-of-bounds byte overwrite, resulting in potential certificate validation weaknesses, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious X.509 certificate to either a server or a client application using this library.

Failure to initialise pointers in mkvparser::Tracks constructor

The constructor mkvparser::Tracks::Tracks() fails to handle parsing failures correctly. If parsing of the Track object fails, the pointers are left uninitialised. Subsequent code then dereferences and uses the uninitialised pointers, which can lead to a crash.

Crypttech CryptoLog Remote Code Execution

This module exploits the SQL injection and command injection vulnerabilities in CryptoLog. An unauthenticated user can execute a terminal command in the context of the web user. The login.php endpoint is responsible for the login process. One user-supplied parameter is used by the application without input validation or parameter binding, which causes a SQL injection vulnerability; successful exploitation of this vulnerability yields a valid session. The logshares_ajax.php endpoint is responsible for executing an operating system command, and it is not possible to access this endpoint without a valid session. One user parameter is used by the application while executing the operating system command, which causes a command injection issue. Combining these two vulnerabilities makes it possible to execute operating system commands in the context of the web user.

GOLDENSHOWER – Oracle GoldenGate unauthenticated RCE by Silent Signal

GOLDENSHOWER is an unauthenticated Remote Code Execution (RCE) vulnerability in Oracle GoldenGate. It allows an attacker to execute arbitrary commands on the target system without authentication. The vulnerability is caused by the lack of authentication in the Oracle GoldenGate Manager service, which allows an attacker to send specially crafted requests to the service and have arbitrary commands executed on the target system. The vulnerability affects Oracle GoldenGate versions 12.1.2.0.0 and earlier.

LogRhythm Network Monitor Auth Bypass Root RCE

LogRhythm Network Monitor is vulnerable to an authentication bypass. An attacker can exploit this vulnerability to gain root access to the system. The vulnerability is due to the lack of authentication checks on certain API calls: an attacker can craft a JWT token with an arbitrary username and role and use it to make API calls, bypassing authentication and gaining root access to the system.