Explore all Exploits:

Serviio PRO 1.8 DLNA Media Streaming Server Local Privilege Escalation

The application suffers from an unquoted search path issue impacting the service 'Serviio' for Windows, deployed as part of the Serviio DLNA server solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path, undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application. Serviio also suffers from improper permissions, which allow a simple authenticated user to replace the executable file with a binary of choice. The vulnerability exists due to the improper permissions, with the 'F' flag (Full) for the 'Users' group, on the Serviio directory and its sub-directories.

Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure

The version of Serviio installed on the remote Windows/Linux host is affected by an information disclosure vulnerability due to improper access control enforcement of the Configuration REST API. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to gain access to potentially sensitive information.

Tuleap – Command Injection in Project Wiki

Authenticated users, including unprivileged users, with access to a project containing a wiki can exploit this command injection (CI) vulnerability to gain remote unauthorised access to the server hosting the Tuleap web application. RCE is achieved by entering a SyntaxHighlighter plugin directive in a new wiki page on any wiki available in any project. The SyntaxHighlighter plugin in vulnerable versions of PHPWiki passes the `syntax` argument to the `proc_open()` PHP builtin function, which spawns a process in the operating system running the web application.

Local Privilege Escalation Vulnerability in HideMyAss Pro VPN Client v3.x for macOS

A local privilege escalation vulnerability has been found in the helper binary com.privax.hmaprovpn.helper that ships with HideMyAss Pro VPN v3.3.0.3 for macOS. The helper is installed setuid root and uses the openvpn binary to create VPN profiles and connections. The helper fails to perform signature checks on the openvpn file, which is owned by the user that installed the client. This allows malware on the system to replace the openvpn binary and run arbitrary code as root.

Multiple Local Privilege Escalation Vulnerabilities in HideMyAss Pro VPN Client v2.x for OS X

Multiple local privilege escalation vulnerabilities were found in the helper binary HMAHelper that ships with HideMyAss Pro VPN for OS X. The helper is installed setuid root and is responsible for loading Kernel Extensions (kext) and managing VPN firewall rules. These issues can be leveraged by a local attacker to gain elevated (root) privileges.

Irfanview – OtherExtensions Input Overflow

Irfanview is vulnerable to a buffer overflow in the 'OtherExtensions' input field. Debugging was done on a WinXP Pro SP3 (32-bit) machine. The exploit author provided proof-of-concept code which includes a jump to the stack pointer from user32.dll. The exploit is limited by the presence of bad characters and only 43 bytes of space to host a shellcode.

Emby MediaServer 3.2.5 Password Reset Vulnerability

The issue can be triggered by an unauthenticated actor within the home network (LAN) only. The attacker doesn't need to specify a valid username to reset the password. He or she can enter a random string, and using the file disclosure issue it's possible to read the PIN needed for resetting. This in turn will disclose all the valid usernames in the Emby server and reset all the passwords for all the users with a blank password. Attackers can exploit this to gain unauthenticated and unauthorized access to the Emby media server management interface.

Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection Vulnerability

Emby (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Emby suffers from a blind SQL injection vulnerability. Input passed via the GET parameter 'MediaTypes' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Panda Cloud Antivirus Free – ‘PSKMAD.sys’ – BSoD – denial of service

This exploit is for Panda Cloud Antivirus Free, which is vulnerable to a denial of service attack. The exploit is triggered by sending a malicious DeviceIoControl request to the PSMEMDriver device. This causes a Blue Screen of Death (BSoD) on the target system.

Recent Exploits: