Huawei UTPS Software is the core software bundled with the Internet dongles that Huawei provides to companies like Airtel and TATA Photon. It is the software that installs itself on the attached machine so that the dongle can run. It installs as a service ('Photon. RunOUC') and ('Airtel. RunOuc') with an unquoted service path, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
A vulnerability in the Network Time Protocol (NTP) daemon (ntpd) allows a remote attacker to cause a Denial of Service (DoS) condition by sending a specially crafted packet to the ntpd service. This vulnerability affects ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and ntp-4.3.0 up to, but not including ntp-4.3.94.
FUDforum is forum software written in PHP. In version 3.0.6, it is vulnerable to local file inclusion. This allows an attacker to read arbitrary files that the web user has access to. Admin credentials are required.
FUDforum is forum software written in PHP. In version 3.0.6, it is vulnerable to multiple persistent XSS issues. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection. Additionally, FUDforum is vulnerable to Login-CSRF.
An attacker would need to get a target user to open a specially crafted web page. Disabling JavaScript should prevent an attacker from triggering the vulnerable code path. Recompiling the regular expression pattern during a replace can cause the code to reuse a freed string, but only if the string is freed from the cache by allocating and freeing a number of strings of a certain size, as explained by Alexander Sotirov in his Heap Feng-Shui presentation. Exploitation was not investigated.
A memory corruption vulnerability was identified in the Microsoft Edge Chakra JavaScript engine which could allow a malicious user to remotely execute arbitrary code on a vulnerable user’s machine, in the context of the current user. Exploitation of this vulnerability requires a user to visit a page containing specially crafted JavaScript. Users can generally be lured to visit web pages via email, instant message or links on the internet. Exploits for vulnerabilities like this are often hosted on legitimate websites which have been compromised by other means.
ScriptCase is vulnerable to multiple security issues, including CSRF Remote Command Execution, CSRF Add Admin, SQL Injection, Cross Site Scripting, Local Privilege Escalation (Insecure File Permissions), and User Enumeration / Token Bypass. An attacker can exploit these vulnerabilities to gain access to the application and modify files, add an arbitrary system account to the affected system, and execute arbitrary system commands on the affected host.
PanOS uses a modified version of the appweb3 embedded webserver, which contains a bug in the core utility routine mprItoa. The size parameter is documented to be the size of the buffer at *buf, but if the value exceeds that size, the routine writes one more byte than the size as a NUL terminator. An unauthenticated PHP script can be called to invoke mprItoa() on a default installation at /unauth/php/errorPage.php, which can corrupt the stored GOT pointer, resulting in some unexpected routine being called on the attacker-controlled MaResponse object, and crashing with some heap corruption.
The root_reboot utility is setuid root, but performs multiple calls to system() with attacker-controlled data, which is trivially exploitable. An attacker can use the 'reason' parameter to inject malicious commands, which will be executed with root privileges.
The setuid root executable /usr/local/bin/root_trace essentially just does setuid(0) then system("/usr/local/bin/masterd"), which is a Python script. As the environment is not scrubbed, an attacker can set the PYTHONPATH environment variable to a malicious Python script and execute the root_trace executable to gain root privileges.