Abyss Web Server installs a service called 'AbyssWebServer' with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. Abyss Web Server also suffers from weak file and folder permissions, which could allow an unauthorized user to swap out executable files with their own payload.
Picosafe Web Gui is vulnerable to Remote File Upload, Local File Disclosure and Cross-Site Scripting. An attacker can exploit these vulnerabilities to upload malicious files, disclose sensitive information and execute malicious scripts.
Bind Nuke is a buffer overflow exploit that targets BIND, the Domain Name System (DNS) server software. It sends a specially crafted packet to a vulnerable DNS server containing more data than the maximum packet size allows. This causes the server to crash or become unresponsive, resulting in a denial of service (DoS).
This module abuses the Capcom.sys kernel driver's function that allows for an arbitrary function to be executed in the kernel from user land. This function purposely disables SMEP prior to invoking a function given by the caller. This has been tested on Windows 7 x64.
The tomcat init script provided by the tomcat packages on Debian-based distributions (Debian, Ubuntu, etc.) is vulnerable to a local privilege escalation attack. The vulnerable init script is installed as /etc/init.d/tomcat[6-8]. The init script allows local attackers who have already gained access to the tomcat account (for example, by exploiting an RCE vulnerability in a Java web application hosted on Tomcat, uploading a webshell, etc.) to escalate their privileges from the tomcat user to root and fully compromise the target system.
When frameworks/native/libs/binder/Parcel.cpp reads e.g. a string from a parcel, it does not verify that the string doesn't overlap with any byte range that was tagged as a binder object by the sender. When an attacker sends a parcel to a victim process that contains an unexpected binder handle referring to an object from the victim process where string data is expected, the kernel replaces the attacker-specified handle with a pointer to the object in the victim process. The victim then treats that pointer as part of the attacker-supplied input data, possibly making it available to the attacker at a later point in time.
When browsing to the demo site installed with DWebPro, hyperlinks to various resources located on the local machine can be accessed. Any file on the vulnerable machine can be accessed by simply replacing the start?file= location. It is important to note, however, that when browsing to an executable file through this vulnerability, the web server will run the application locally instead of prompting for a download. Basic cmd commands can also be executed. These privileges can be escalated to SYSTEM by installing DWebPro as a service and then running the following command.
Grandstream GXV3611_HD Telnet SQL Injection and backdoor command vulnerability allows an attacker to gain access to the telnet server by using a backdoor command and changing the admin password to 'a'. This can be done by using telnetlib and sending the command ';update user set password='a';--' to the telnet server. After this, the attacker can telnet into port 20000 with username root and no password to get shell.
When KeepNote imports a backup, which is actually a tar.gz file, it does not check for " ../ " sequences, which makes it possible to perform a path traversal and write anywhere on the system where the user has write permissions. This simple POC writes the file test.txt to /home/root/.bashrc to get command execution when bash is run.
A buffer overflow vulnerability exists in VLC Media Player 2.2.1. An attacker can create a malicious WMV file and host it on a web server. When the user opens the malicious WMV file, the attacker can execute arbitrary code on the user's system. This vulnerability is due to a boundary error when handling WMV files. This can be exploited to cause a stack-based buffer overflow via a specially crafted WMV file.