The vulnerability stems from the tomcat.conf file installed by default by packages on RedHat-based systems with write permissions for the tomcat group. An attacker who is able to write files with tomcat user permissions (for example, through a vulnerability in a web application hosted on Tomcat) can create a malicious shared library in the /run/tomcat directory and then create a symbolic link in the /etc/ld.so.preload file, which will cause the malicious library to be loaded and executed with root privileges every time a setuid binary is executed on the system.
A stored XSS vulnerability exists in the PHP Press Release application. An attacker can inject malicious JavaScript code into the 'title' parameter of the 'administration.php?pageaction=saverelease' page. When a user visits the page, the malicious code will be executed in the user's browser.
A Cross-Site Request Forgery (CSRF) vulnerability exists in PHP Press Release, which allows an attacker to add an admin user with Super user access level. An attacker can craft a malicious HTML page and send it to the victim. When the victim visits the malicious page, the attacker's request will be executed in the background and an admin user with Super user access level will be added.
Versions of ShoreTel Connect ONSITE prior to and including 21.79.4311.0 are vulnerable to a Blind SQL Injection in /authenticate.php, on the webserver that is running the Conference system. Specifically, the POST parameter "username" is not sanitised prior to being used in SQL queries. Using test'%20and%20(select*from(select(sleep(35)))a)--%20 for the username value, the server will respond after approximately 35 seconds. No authentication is needed in order to exploit the vulnerability, as the issue resides in the pre-authentication realm of the system.
Wacom's "Wacom Consumer Service" installs as a service with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local attacker to insert an executable file in the path of the service. Upon service restart or system reboot, the malicious code will be run with elevated privileges.
miniblog 1.0.1 is vulnerable to a CSRF attack that can add, delete and edit articles in the sections. If used with XSS, it can be used to steal the admin's cookie information.
SQL Injection vulnerability exists in Entrepreneur Job Portal Script version 2.06. An attacker can exploit this vulnerability to inject malicious SQL queries in the application and gain access to sensitive data from the database. This vulnerability can be exploited by sending a maliciously crafted HTTP request to the vulnerable application.
BlueStacks Log Rotator Service (BstHdLogRotatorSvc) installs as a service with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
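The unquoted service path condition described in the Wacom and BlueStacks entries can be audited from a list of service ImagePath values. The following is an added example, not code from either advisory: it flags unquoted paths containing spaces, lists the earlier locations Windows would resolve first, and produces the quoted form that fixes the entry. The service names and paths are constructed placeholders, and the ".exe" boundary heuristic for splitting off arguments is an assumption.

```python
import re

# Executable portion of an ImagePath: text up to the first ".exe" that is
# followed by whitespace or end of string; anything after it is arguments.
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def executable_part(image_path):
    """Return the unquoted executable path, or None if quoted / not an .exe."""
    value = image_path.strip()
    if value.startswith('"'):
        return None  # already quoted: Windows parses it unambiguously
    match = _EXE.match(value)
    return match.group(1) if match else None

def ambiguous_candidates(image_path):
    """Paths Windows tries before the intended binary (one per space)."""
    exe = executable_part(image_path)
    if exe is None or " " not in exe:
        return []
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quoted_form(image_path):
    """Corrected ImagePath: executable wrapped in quotes, arguments kept."""
    exe = executable_part(image_path)
    if exe is None or " " not in exe:
        return image_path
    return '"' + exe + '"' + image_path.strip()[len(exe):]

def audit(services):
    """Map service name -> candidate paths, for vulnerable entries only."""
    findings = {}
    for name, image_path in services.items():
        candidates = ambiguous_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings

# Constructed sample data (hypothetical names and paths, not the vendors' real ones).
SAMPLE_SERVICES = {
    "ExampleAgent": r"C:\Program Files\Example Vendor\Agent\svc.exe -run",
    "QuotedAgent": r'"C:\Program Files\Example Vendor\Agent\svc.exe" -run',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(name, "->", paths, "| fix:", quoted_form(SAMPLE_SERVICES[name]))
```

A flagged entry is only exploitable where a non-privileged user can write to one of the listed locations, so the directory permissions on those paths are the second thing to review after quoting the ImagePath.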
Simple PHP Blog 0.8.4 is vulnerable to a CSRF attack (no CSRF token in place), meaning that if an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), a form will be submitted to (http://localhost/simple/manage_users.php?action=update&type=new) that will add a new user as administrator. Once exploited, the attacker can log in to the admin panel (http://localhost/simple/login.php) using the username and the password he posted in the form.
There is no filtering or validation mechanism on "login.php". The "username" and "password" inputs are vulnerable to SQL Injection attacks. The software is capable of sending e-mail to system admins, but there is no authorization mechanism to access the e-mail logs. The e-mail logs can be accessed by anyone.