Explore Vulnerabilities

Explore all Exploits:

DzSoft PHP Editor v4.2.7 File Enumeration

DzSoft PHP Editor v4.2.7 is vulnerable to file enumeration when "HEAD" method HTTP requests are combined with directory traversal ("../../") sequences. This can aid attackers in information gathering (file enumeration) and may help further attacks.

FOXMOLE – Security Advisory 2017-01-25

There are multiple SQL Injection vulnerabilities, exploitable without authentication. An attacker could use the SQL Injection to access the database in an unsafe way. This means there is a high impact to all applications. The inoERP software also lacks input validation, resulting in different reflected/stored XSS vulnerabilities.

[CVE-2017-6087] EON 5.0 Remote Code Execution

EyesOfNetwork ("EON") is an open-source network monitoring solution. The Eonweb code does not correctly filter arguments, allowing authenticated users to execute arbitrary code. On the attacker's host, a handler is started and the `selected_events` parameter is not correctly filtered before it is used by the `shell_exec()` function. There, it is possible to inject a payload like in the request below, where we connect back to our handler. The payload gets injected into the `$event[$key]` and `$ged_command` variables of the `module/monitoring_ged/ged_functions.php` file, line 373. Two other functions in this file are also affected by this problem. On the attacker's host, a handler is started and the `module` parameter is not correctly filtered before it is used by the `shell_exec()` function. Again, we inject our connect-back payload. The payload gets injected into the `$module` variable of the `module/index.php` file, line 28.

QNAP QTS Domain Privilege Escalation Vulnerability

The vulnerability is a privilege escalation issue in the QNAP QTS firmware, caused by a misconfiguration of the firmware. It allows an attacker to gain access to sensitive information stored on the device.

GitHub Enterprise Default Session Secret And Deserialization Vulnerability

This module exploits two security issues in GitHub Enterprise, versions 2.8.0 - 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second is the use of unsafe deserialization, which allows the malicious Ruby object to be loaded and results in arbitrary remote code execution. This exploit was tested against version 2.8.0.

Out-of-Bounds Read in JSBoundFunction

When Function.bind is called, the arguments to the call are transferred to an Array before they are passed to JSBoundFunction::JSBoundFunction. Since it is possible that the Array prototype has had a setter added to it, it is possible for user script to obtain a reference to this Array, and alter it so that the length is longer than the backing native butterfly array. Then when boundFunctionCall attempts to copy this array to the call parameters, it assumes the length is not longer than the allocated array (which would be true if it wasn't altered), and reads out of bounds. This is likely exploitable, because the read values are treated as JSValues, so this issue can allow type confusion if the attacker controls any of the unallocated values that are read.

Recent Exploits: