A proof-of-concept (PoC) exploit for a buffer overflow vulnerability in Microsoft Word has been released. The exploit works by forcing Word to recover a document; the bug can then be triggered in three ways: Save, Close/Save, and change format.
The 'orderby' parameter in DBTableViewer is vulnerable to injection, which can be exploited as blind injection. sqlmap identified the following injection points with a total of 727 HTTP(s) requests.
In recent security research, the Secorda security team found multiple vulnerabilities affecting the Cisco EPC3928 Wireless Residential Gateway. Variants of this product can also be affected. Using a combination of several vulnerabilities, an attacker is able to remotely download and decode the boot configuration file, as shown in the PoC video. The attacker is also able to reconfigure the device in order to perform attacks on the home user, inject additional data into the modem's HTTP responses, or extract sensitive information from the device, such as the Wi-Fi key.
The League of Legends screensaver was installed with insecure file permissions. It was found that all folder and file permissions were incorrectly configured during installation. It was possible to replace the service binary. This was reported to Riot Games and has been rectified in the latest version.
The Nagios XI application is affected by multiple security vulnerabilities, including unauthenticated SQL injection and authentication bypass, arbitrary code execution via command injection, privilege escalation, server-side request forgery and account hijacking. These vulnerabilities can be chained together to obtain unauthenticated remote code execution as the root user.
rConfig, the open source network device configuration management tool, is vulnerable to local file inclusion in /lib/crud/downloadFile.php. downloadFile.php allows authenticated users to download any file on the server. This is because downloadFile.php does not check the download_file parameter before it uses it. It merely opens and sends the file in the parameter to the user. As long as the account running the web server has access to it, rConfig will open it and send it.
`$_POST['id']` is not escaped and `populate_download_edit_form()` is accessible to every registered user.
Uncode WP Theme RCE Exploit is a vulnerability that allows an attacker to execute arbitrary code on a vulnerable system. This vulnerability was discovered in the Uncode WP Theme versions 1.3.0 and 1.3.1. The exploit involves sending a malicious file to the vulnerable system and then executing it. The attacker can then gain access to the system and execute arbitrary code.
WP PRO Advertising System - All In One Ad Manager is vulnerable to SQL injection, unserialize and file deletion issues. An attacker can exploit these vulnerabilities to gain access to the system and delete files.
An arbitrary file upload vulnerability in WP Mobile Detector version <=3.5 was disclosed to the public yesterday; it allows an attacker to upload malicious PHP files (shell) to the website. Over 10,000 users are affected. The vendor has released a patch in versions 3.6 & 3.7 at https://wordpress.org/plugins/wp-mobile-detector/changelog/.