Microix timeclock is vulnerable to a SQL injection. The field that is injectable is ctl00$ctl00$ASPxCallbackPanel1Root$ASPxSplitter1$Content$ASPxSplitter2$Content2$ASPxRoundPanel1$ASPxCallbackPanel1$txtUserIDOrBadgeID.
A heap overflow vulnerability was observed in Microsoft PowerPoint 2010 running under Windows 7 x86 with application verifier enabled. The ecx register was pointing to invalid memory in this crash, which was passed in as the first argument to the crashing function. The calling function obtained this value from a pointer in stack memory at 0x0024e46c + 0x10. The allocation size was 0x20 bytes.
Symantec's unrar based unpacker is vulnerable to dozens of publicly documented flaws. Two known bugs in unrar that are fixed upstream, but not in Symantec's ancient code, can lead to remote code execution at the highest possible privilege level.
This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized function parameter. The constructed object is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log function's __destruct() method is called. Kaltura versions prior to 11.1.0-2 are affected by this issue.
`$_REQUEST['key']` is not escaped inside `actions.inc.php`. An attacker can exploit this vulnerability by sending a crafted request to the vulnerable application. The request contains a malicious SQL query which can be used to extract sensitive information from the database.
ZineBasic 1.1 is vulnerable to a remote file disclosure vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to view the contents of any file on the server.
The TPView.DLL library, used by vprintproxy.exe, contains a stack-based buffer overflow vulnerability in the processing of record 0xff5c (Quantization Default). This vulnerability was reported by Kostya Kortchinsky in bug #287.
MuM MapEdit provides geodata to the internet and intranets and is deployed on several communal and regional governmental infrastructures to provide geodata to the population. It consists of a silverlight client and a C#.NET backend. The communication between them is HTTP/S based and involves the NBFS (.NET Binary Format SOAP). The application requires users to provide their credentials via GET Parameters. They can therefore possibly be found in server logs or proxy logs. An authenticated user may send POST requests to the URL /Mum.Geo.Services/DataAccessService.svc. This service is used to execute SQL queries on the databases.
This module obtains root privileges from any host account with access to the Docker daemon. Usually this includes accounts in the `docker` group.
The SolarWinds Kiwi Syslog Server is vulnerable to privilege escalation due to an unquoted service path. An authorized but non-privileged local user can exploit this vulnerability to execute arbitrary code with elevated privileges on the system.
Services By CQR