Required user access: any user. $_POST['cat_id'] is not escaped, and the action is accessible to any user. A proof of concept is provided which involves sending a malicious POST request to the target server with an action of 'wpsp_getCatName' and a cat_id of '0 UNION SELECT 1,CONCAT(name,CHAR(58),slug),3 FROM wp_terms WHERE term_id=1'.
BEAM & RSSMON are Webmin-based configuration utilities that ship with RSS server 3.0. These packages are the recommended GUI configuration components and listen on a user-specified port from 10000/tcp to 65535/tcp. In a vanilla install they are accessible on the local host only, unless the firewall is disabled. Both services run with full root permissions and can be exploited for LPE or network attacks. RSSMON has hardened SELinux policies applied which hinder exploitation of this vulnerability by limiting access to network resources; commands are still run as root, but blindly.
Two issues were reported to the Apport maintainers, a CrashDB code injection issue tracked with CVE-2016-9949 and a path traversal bug tracked with CVE-2016-9950. An additional problem where arbitrary commands can be called with the “Relaunch” action is tracked by CVE-2016-9951.
A specially crafted web-page can trigger a use-after-free vulnerability in Microsoft Internet Explorer 9. An attacker would need to get a target user to open a specially crafted web-page. Disabling JavaScript should prevent an attacker from triggering the vulnerable code path.
A remote SQL injection web vulnerability has been discovered in the official VMPanel v2.7.4 web application (CMS). The vulnerability allows remote attackers to execute their own malicious SQL commands to compromise the web application or DBMS. The SQL injection is located in the `IP Address` entry name in the panel administration. Remote attackers are able to run their own SQL commands; the attack vector is application-side and the injection request method is POST.
set_dp_control_port is a MIG method on the host_priv_port which allows a root user to escalate to kernel. This PoC triggers the bug such that the first thread frees the port and the second uses it; a more sensible approach towards exploiting it would be to use this race to try to decrement the reference count of a port with two references to zero such that you end up with a dangling port pointer.
Horos suffers from a file disclosure vulnerability: input passed through the URL path is not properly verified before being used to read files. This can be exploited to include files from local resources via directory traversal attacks.
At several places in the code, an incorrect length in ACSE data structures received over the network can cause overflows or underflows when those data structures are processed. Related checks have been added at various places in order to prevent such (possible) attacks.
A full-featured DICOM server has been developed based on the public domain UCDMC DICOM code. The vulnerability is caused by the use of a vulnerable collection of libraries that are part of the DCMTK toolkit, specifically the parser for the DICOM Upper Layer Protocol (DUL). A stack or heap buffer overflow/underflow can be triggered when the DICOM Store-SCP service processes an ACSE data structure with an incorrect length received over the network. An attacker can overflow the stack and the heap of the process by sending a large array of bytes in the presentation context item length segment of the DICOM standard, potentially resulting in remote code execution and/or denial of service.