The Belkin N150 Wireless Home Router is vulnerable to HTML/Script Injection and Session Hijacking. The parameter 'InternetGatewayDevice.DeviceInfo.X_TWSZ-COM_Language' is vulnerable to HTML/Script Injection, and the sessionid cookie is vulnerable to Session Hijacking. The sessionid is hex-encoded with a fixed length of 8 characters, so it can be brute-forced over the range 00000000 to ffffffff.
Any registered user can execute remote JavaScript code by sending a private message to another user. The malicious JS code has to be written in the title of the message, and the receiver must have enabled notifications for new messages. Note that the code is executed as soon as the notification appears; the receiver doesn't even need to check his inbox.
In the latest stable release of ntop-ng it is possible to escalate the privileges of a non-privileged user to the admin account by resetting the password, intercepting the request and replacing the HTTP parameters. To exploit this vulnerability, a user must first log in with an unprivileged account, then change the account password, intercept the request, and change the username= parameter and the Cookie user= value to the admin account. Finally, the user can log in with the admin account and the password they defined in the previous step.
The Kodi web interface is vulnerable to arbitrary file read. An example of this exploit is <ip>:<port>/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd for passwd. This issue was fixed in 2012, reintroduced in February 2015 and fixed again in November 2015 for v16.
This exploit targets a local privilege escalation vulnerability in abrt/sosreport in Red Hat Enterprise Linux (RHEL) 7.0 and 7.1. It allows a local user to gain root privileges by exploiting a race condition in the abrt/sosreport component. The vulnerability is triggered when a local user creates a symbolic link in the /proc/sys/kernel/modprobe file, which points to a malicious script. The malicious script is then executed with root privileges when the sosreport utility is run.
The vulnerability makes it possible to read and modify the HumHub MySQL database. While conducting an internal software evaluation, LSE Leading Security Experts GmbH discovered that the HumHub social networking software is subject to an SQL injection attack.
MyCustomers CMS is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter DPT. This can be done by appending a single quote character to the vulnerable parameter. For example, http://server/index.php?DPT=IP17%27. This can allow an attacker to gain access to the database and potentially execute arbitrary code.
This module exploits an unauthenticated SQLi vulnerability in the Sysaid Helpdesk Free software. Because the 'menu' parameter is not handled correctly, a malicious user can manipulate the SQL query, which allows arbitrary code execution in the context of 'SYSTEM' because the database runs as the SA user. This module uses a Metasploit-generated PowerShell payload and uses xp_cmdshell, which is activated and then deactivated after exploitation.
SAP Sybase Adaptive Server Enterprise is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. An attacker can exploit this issue by sending a specially crafted XML request containing an external entity declaration to the vulnerable server.
WP-Client is vulnerable to a stored XSS attack in the Request Estimate page. The extension affected is Estimates/Invoices v1.5.1. An attacker can inject malicious JavaScript code in the 'Comments' field of the Request Estimate page, which will be executed when the page is viewed by an administrator.