A vulnerability in PHP 7.0 JsonSerializable::jsonSerialize json_encode can be exploited to cause a Local Denial of Service. The bug was discovered by Yakir Wizman and affects Windows Server 2012 R2 64bit, English, PHP 7.0.
Input passed to the 'holiday_name' and 'memo' POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The issue exists due to the way the visLogin.jsp script processes the login request via the 'EnvironmentUtil.getClientIp(request)' method. It checks whether the request is coming from the local machine and sets the ip variable to '127.0.0.1' if it is equal to 0:0:0:0:0:0:0:1. The ip variable is then used as a username value with the password '123456' to authenticate, which can be used to disclose sensitive information and/or perform unauthorized actions.
The ZKBioSecurity solution suffers from a use of hard-coded credentials. The application comes bundled with a pre-configured Apache Tomcat server and an exposed 'manager' application. After authenticating with the credentials located in the tomcat-users.xml file (username: zkteco, password: zkt123), the manager application allows a malicious WAR archive containing a JSP application to be uploaded, giving the attacker the ability to execute arbitrary code with SYSTEM privileges.
ZKAccess suffers from an elevation of privileges vulnerability that allows a simple authenticated user to change the executable file to a binary of choice. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) set for the 'Authenticated Users' group.
ZKTime.Net suffers from an elevation of privileges vulnerability that allows a simple user to change the executable file to a binary of choice. The vulnerability exists due to improper permissions, with the 'C' flag (Change) set for the 'Everyone' group, making the entire directory 'ZKTimeNet3.0' and its files and sub-directories world-writable.
This exploit causes a crash in PHP 7.0 when AppendIterator::append is called with the same AppendIterator instance as an argument. This causes an infinite loop in the append method, resulting in a denial of service.
This exploit causes a denial of service in PHP 5.0.0 when the snmpset() function is used with a string of 9999 'A's. This exploit was tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0. The bug was discovered by Yakir Wizman.
This exploit causes a denial of service in PHP 5.0.0 when the snmprealwalk() function is called with a large string as an argument. This causes the application to crash.
This exploit causes a denial of service in PHP 5.0.0 when the snmpwalk() function is used with a string of 9999 'A' characters. This exploit has been tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0.