This module exploits a remote code execution vulnerability in Apache Struts versions 2.3.5 - 2.3.31 and 2.5 - 2.5.10. Remote code execution can be performed via the HTTP Content-Type header. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.
IBM WebSphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default).
This vulnerability is an out-of-bounds read in the metadata parsing of the attached file. When the metadata is parsed, an out-of-bounds read occurs, which can lead to a crash or other unexpected behavior.
The COM session moniker allows a user to specify the interactive session that’s to be used when a DCOM object is registered with an AppID with RunAs of “Interactive User”. As switching sessions is not something a normal user can do, you’d assume that this would be only accessible to administrators (or at least with Impersonate/Assign Primary Token privilege). It turns out, however, that there’s no such restriction; this allows one user to instantiate a DCOM object inside another user’s session on the same machine (think Terminal Server or Fast User Switching). The only restriction on the user then accessing that instantiated server is the specified Access DACL. The default Access DACL on a modern system only allows the user identity the server is running as, as well as Administrators, to access the created object. However, there are a number of statically registered servers which allow the interactive user group (and who knows how many dynamically allowed ones through CoInitializeSecurity). I already described one of these in my blog post of resurrecting dead processes, HxHelpPaneServer. With this object we can execute an arbitrary process in the context of the other user in their session.
Rawether for Windows is a framework that facilitates communication between an application and the NDIS miniport driver. It’s produced by a company named Printing Communications Assoc., Inc. (PCAUSA), which seems to be no longer operating. The exploit attached to this advisory targets the 64-bit version of the PcaSp60.sys driver, which is part of ASUS PCE-AC56 WLAN Card Utilities.
A SQL injection vulnerability exists in Joomla! Component Vik Rent Car v1.11. An attacker can send a malicious SQL query to the vulnerable parameters 'caropt' and 'place' in the URL http://localhost/[PATH]/index.php/en/?option=com_vikrentcar&caropt=[SQL]&days=31&pickup=1490947200&release=1493542800&place=[SQL]&task=showprc&Itemid=104 to execute arbitrary SQL commands in the backend database.
A SQL injection vulnerability exists in Joomla! Component Vik Rent Items v1.3. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to access or modify the application's data, or even execute system level commands.
A SQL injection vulnerability exists in Joomla! Component Vik Appointments v1.5. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'ordering', 'filters[group]', 'filters[service]', 'filters[country]' and 'filters[state]' parameters of the 'index.php/en/our-staff' script.
The MikroTik Router has no protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router has to be rebooted to work normally again.
A SQL injection vulnerability exists in Joomla! Component Advertisement Board v3.0.4. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.