Wowza Streaming Engine suffers from an elevation of privileges vulnerability which can be exploited by any authenticated user, who can replace the service executable with a binary of their choice. The vulnerability exists due to improper permissions: the executable carries the 'F' (Full) flag for the 'Everyone' group. In combination with the insecure file permissions, the application suffers from an unquoted search path issue affecting the services 'WowzaStreamingEngine450' and 'WowzaStreamingEngineManager450', which are installed on Windows as part of the Wowza Streaming software.
A persistent input validation web vulnerability has been discovered in the official Django v3.3.0 Content Management System. The vulnerability allows remote attackers to inject their own malicious script code into the application side of the vulnerable module. The vulnerability is located in the `editor snippet` of the `cms` module. The request method used to inject is POST, and the attack vector is located on the application side.
A vulnerability in Free News Script allows an attacker to download a file containing the username and password hash of every user. The file is reachable without authentication at the URL http://site/admin/user.txt. The password hashes are in MD5 format.
This format string vulnerability has the following characteristics: heap based (exploiting a string located on the heap), blind attack (no output to the remote attacker)(*), remotely exploitable (as anonymous, no credentials needed). This exploit has the following characteristics: multiple architecture exploit (MIPS/CRISv32/ARM) [from version 5.20.x]; modifying LHOST/LPORT in the shellcode on the fly; manual exploiting of remote targets; simple HTTPS support; Basic Authorization support (not needed for this exploit); FMS dictionary and predicted addresses for GOT free() / BSS / Netcat shellcode; multiple shellcodes (ARM, CRISv32, MIPS and Netcat PIPE shell); exploiting with MIPS, CRISv32 and ARM shellcode gives a shell as root; exploiting with the ARM Netcat PIPE shell normally gives a shell as Anonymous (5.2x and 5.4x give a shell as root); multiple FMS exploit techniques; "One-Write-Where-And-What" for MIPS and CRISv32; "Old Style" POPs; classic exploit using: count to the free() GOT entry, write the shellcode address, jump to the shellcode on the free() call; shellcode loaded in memory by sending it URL-encoded, which the SSI daemon decodes and keeps in memory; "Two-Write-Where-And-What" for ARM; "Old Style": writing 1x LSB and 1x MSB by using offsets for the GOT free() target address; "New Style": ARM architectures have both "Old Style" (>5.50.x) POPs and "New Style" (<5.40.x) direct parameter access for POP/Write; another way to POP with "Old Style", to be able to POP as little as 1 byte (one byte with %1c instead of eight with %8x); exhaustive testing with multiple versions.
A vulnerability in the Meinberg M400 allows an attacker to execute arbitrary code remotely. This is due to a lack of proper input validation when handling user-defined notifications. An attacker can craft a malicious payload and send it to the vulnerable device, which then executes the payload. This vulnerability affects versions 2.6.15.1, 530, Lantime configuration utility 1.27, and ELX800/GPS M4x V5.30p.
Proof-of-Concept exploit for CVE-2016-0189 (VBScript memory corruption in IE11). Tested on Windows 10 with IE11. To run, download the support and exploit files, serve the directory using a web server, and browse to vbscript_bypass_pm.html with the victim's IE. Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40118.zip
By sending large passwords, a remote user can enumerate users on a system running SSHD. This problem exists in most modern configurations because calculating a SHA256/SHA512 hash takes much longer than calculating a BLOWFISH hash.
An attacker can exploit a file disclosure vulnerability in the Clear Voyager hotspot IMW-C910W by sending a specially crafted HTTP request to the vulnerable device. This can allow the attacker to access sensitive information such as passwords stored on the device.
Guru allows you to create online courses easily. The Itemid parameter of the com_guru component is vulnerable to SQL injection. A proof of concept is provided in the text, showing how an attacker can inject malicious SQL code into the Itemid parameter of the URL.
This module exploits the lack of sanitization of standard handles in Windows' Secondary Logon Service. The vulnerability is known to affect Windows 7 through 10 and Server 2008 through 2012, 32 and 64 bit. This module will only work against those versions of Windows with PowerShell 2.0 or later and on systems with two or more CPU cores.