Adobe ColdFusion in versions 11 and below is vulnerable to XML External Entity (XXE) injection when processing untrusted Office documents. An attacker can supply a malicious document containing an XML external entity declaration which ColdFusion will process, and which can lead to attacks such as reading arbitrary files, listing web/system directories, SSRF, SMB relay, temporary file uploads, etc.
FreePBX is vulnerable to unauthenticated remote command execution due to multiple weak input validations as well as a partial authentication bypass. The vulnerability is present in the Process class of the Symfony/Process/Process.php file, where the command line is not properly sanitized, allowing an attacker to inject malicious commands into it. The same flaw is also present in the SoxShell.php file, where the command line is likewise not properly sanitized.
This module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the '/service/core/REST/SugarRestSerialize.php' script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.
TeamViewer 11.0.65452 is vulnerable to local credentials disclosure: the supplied user ID and password are stored in plaintext in the process memory. No privileged account access is needed, as the credentials are stored in the context of the regular user. A potential attacker could reveal the supplied username and password automatically and gain persistent access to the host via TeamViewer services.
CVE-2015-7547 is a stack-based buffer overflow vulnerability in the glibc getaddrinfo() function. It was discovered by Google and affects all versions of glibc prior to 2.18. The vulnerability is triggered when a maliciously crafted DNS response is received by an application that uses the getaddrinfo() function. The vulnerability can be exploited to execute arbitrary code on the vulnerable system.
SQL Injection Vulnerability (3 Items):

1. Tools > Changelog: the [sPage] parameter is vulnerable to SQLi.
   Method: GET
   Payload: http://[Site]/phpipam/?page=tools&section=changelog&subnetId=a&sPage=50' [SQLi]

2. http://[Site]/phpipam/app/tools/user-menu/user-edit.php: the [lang] and [printLimit] parameters are vulnerable to SQLi.
   Method: POST
   PostData: real_name=phpIPAM+Admin&email=admin%40domain.local&password1=&password2=&mailNotify=No&mailChangelog=No&printLimit=30&lang=9'[SQLi]
   or
   Method: POST
   PostData: real_name=phpIPAM+Admin&email=admin%40domain.local&password1=&password2=&lang=9&mailNotify=No&mailChangelog=No&printLimit=30'[SQLi]

XSS Vulnerability (36 Items):
Method: POST

   http://[Site]/phpipam/app/admin/languages/edit.php
   PostData: langid=2"><script>alert(document.cookie);</script>&action=edit

   http://[Site]/phpipam/app/admin/languages/edit.php
   PostData: langid=2&action=edit"><script>alert(document.cookie);</script>

   http://[Site]/phpipam/app/admin/widgets/edit.php
   PostData: wid=1"><SCRIPT>ALERT(DOCUMENT.COOKIE);</SCRIPT>&action=edit

   http://[Site]/phpipam/app/admin/widgets/edit.php
   PostData: wid=1&action=edit"><SCRIPT>ALERT(DOCUMENT.COOKIE);</SCRIPT>

   http://[Site]/phpipam/app/admin/scan-agents/edit.php
   PostData: id=1&actio"><script>alert(document.cookie);</script>n=edit

   http://[Site]/phpipam/app/admin/scan-agents/edit.php
   PostData: id=1&action=edit"><script>alert(document.cookie);</script>
Navicat Premium client v11.2.11 is vulnerable to local password disclosure: the supplied password is stored in plaintext in the process memory. A potential attacker could reveal the supplied password in order to gain access to the database.
The vulnerable page is /ext/forcedownload.php in the rb-agency WordPress plugin. Its file parameter is not protected against directory traversal, so an attacker can read arbitrary files by sending a request such as http://server/wp-content/plugins/rb-agency/ext/forcedownload.php?file=../../../../../../../../etc/passwd
The Belkin F9K1122v1 is vulnerable to a buffer overflow and to cross-site request forgery (CSRF). The buffer overflow is located in the fmmgmt.c file, where the webpage parameter is not properly sanitized before being used in a sprintf call, allowing an attacker to execute arbitrary code on the device. The CSRF vulnerability is due to the lack of CSRF protection, allowing an attacker to embed malicious JavaScript code in a webpage and have it executed against the device.
In our research which involved this program, we found that this process stores the credentials that you supplied for connecting in clear text in the process memory. In this situation a potential attacker who hacked your system can reveal your username and password, steal them and use them. This may assist him in gaining persistent access to your organization's LAN network.