MS16-098 is a Windows Kernel-Mode Drivers Elevation of Privilege vulnerability that allows an attacker to gain elevated privileges on a vulnerable system. The vulnerability exists due to a race condition in the Windows kernel-mode drivers, which can be exploited by an attacker to execute arbitrary code in kernel mode. The vulnerability affects Windows 8.1 and Windows Server 2012 R2.
A local buffer overflow vulnerability has been discovered in the official Boxoft Wav to MP3 (freeware) V1.1.0.0 software. The vulnerability allows local attackers to overwrite the registers to compromise the local software system process. The classic Unicode buffer overflow vulnerability is located in the `Add` function of the `Play` module. The vulnerability allows the registers to be overwritten with a crafted Unicode string.
A remote cross-site request forgery (CSRF) vulnerability has been discovered in the official Huawei Flybox B660 3G/4G router product series. The security vulnerability allows remote attackers to submit special requests to the affected product, which could lead to a reboot of the product. The vulnerability is located in the `/htmlcode/html/reboot.cgi` and `/htmlcode/html/system_reboot.asp` file modules and the `RequestFile` parameter of the localhost path URL. Remote attackers are able to reboot any Huawei Flybox B660 via an unauthenticated POST request.
A persistent cross-site scripting web vulnerability has been discovered in the official Blackboard LMS web application. Remote attackers are able to inject malicious script code into the vulnerable application side of the online service. The vulnerability is located in the `profile` module of the application. Remote attackers are able to inject malicious script code into the `firstname` and `lastname` values of the vulnerable profile module.
Admin access is not needed to upload files, and any file type (.php, .exe, ...) can be uploaded without any bypass. An attacker can send a specially crafted HTTP request containing a malicious file to the vulnerable server. This can allow the attacker to upload malicious files to the server and execute arbitrary code.
The vulnerability allows a remote attacker to execute malicious code or access part of the dynamically allocated memory. Exploitation requires user interaction, such as visiting a web page or opening a specially crafted SWF file, after which an attacker is able to execute arbitrary code on the vulnerable system.
My link trader is vulnerable to SQL Injection. The vulnerable parameter is 'id' which can be exploited by passing malicious SQL queries in the URL. This can be used to extract sensitive information from the database.
The vulnerable file is `link_req_2.php`: none of the POST parameters are filtered before being used in an SQL query. The vulnerable parameters are `$_POST[category]`, `$_POST[name]`, `$_POST[url]`, `$_POST[description]` and `$_POST[email]`. The proof of concept is to send a POST request to `http://www.example.com/StartingPage/link_req_2.php` with the POST data `category=1' AND (select 1 from(select count(*),concat((select(select(select concat(0x7e,0x27,username,0x3a,password,0x27,0x7e)from sp_admin limit 0,1))from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND 'a'='a&name=abc&email=admin@admin.com&url=www.xxx.com&description=helloworld`.
This exploit allows an attacker to add an administrator to the FMyLife Clone Script (Pro Edition) version 1.1. The attacker can use the form to add an administrator with a username and password of their choice.
This is a critical zero-day remote code execution and privilege escalation exploit within the legacy “FreePBX ARI Framework module/Asterisk Recording Interface (ARI)”. `htdocs_ari/includes/login.php` in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the `ari_auth` cookie, related to the PHP `unserialize` function.