A Cross-Site Scripting (XSS) vulnerability exists in the WordPress White-Label Framework plugin, version 2.0.6. An attacker can exploit this vulnerability by entering an XSS payload in any of the plugin's forms.
No CSRF token is used, allowing remote attackers to run arbitrary SQL commands against the MySQL database. An XSS entry point also exists on the listaBD2.jsp web page, opening the application up to client-side browser code execution.
The process to bypass authentication and escalate privileges is as follows: include the '&' symbol anywhere in the password value of the login request (as raw content; it must not be encoded). After a moment, the system will accept the login request and return a valid session cookie. Using that valid session cookie, send a request to add a new user with administrative privileges.
Elastix is a Linux distribution that integrates the best tools available for Asterisk-based Private Branch Exchanges (PBX) into a single, easy-to-use interface. Elastix 2.4 contains a PHP code injection vulnerability. An attacker can exploit it by sending a maliciously crafted POST request to the ImportStep2.php script, which allows the attacker to execute arbitrary PHP code on the vulnerable system.
A vulnerability in the FireEye appliance allows an attacker to gain unauthorized remote access to the root file system. This is done by sending a malicious request to the web server, which runs as root. The malicious request contains the path to the etc/passwd file, which the attacker can then access and download.
The Mac OS X client of Disconnect.me has a local privilege escalation vulnerability (0day). The original download of version 2.0 or below is available at https://disconnect.me/premium/mac, and an archived download is available at http://d-h.st/LKqG. The Disconnect+Desktop.pkg has a SHA-256 of bc94c94c88eb5c138396519ff994ae8efe85899475f44e54f71a6ebc047ce4e7. The proof of concept involves creating a script in the /tmp directory, setting PATH to /tmp, and running the "/Library/Application Support/disconnect/stopvpn" command, which then runs the script as root because the privileged helper resolves commands through the caller's PATH.
The title parameter passed into the program, which specifies the title of the converted PDF, is vulnerable to a buffer overflow. This can be exploited using a direct EIP overwrite, SEH bypass, or ROP. EIP was easier and afforded more universal exploitation, so I went that route after SEH bypass limited the exploit's universal OS compatibility.
A CSRF issue was found in the latest version of the WordPress plugin 'Contact Form Generator'. The issue can be exploited by sending a specially crafted link to a WordPress administrator who has the vulnerable plugin installed. Form field creation: when the victim accesses the sent link, a new form is created and HTML/JS code is injected without the victim's knowledge. Form field update: when the victim accesses the link, the form identified by the 'id' parameter is updated with injected HTML/JS code.
Various functions in the device's admin web portal are vulnerable to Cross-Site Request Forgery. Proof-of-concept HTML has been provided. In order for changes to wireless settings/security (executed via CSRF) to take effect, a save and reset must be executed, either by the admin manually saving the settings through the portal or via the CSRF-vulnerable save and reset functions described below.
An authentication bypass vulnerability has been discovered in the official Zhone ADSL2+ 4 Port Wireless Bridge & Router (Broadcom). The vulnerability allows remote attackers to bypass the authentication procedure and compromise the hardware device or its service interface.