The vulnerability is a heap-based buffer overflow in Graphite2, a library for rendering non-Roman writing systems. It can be triggered by running a modified ASAN build of the standard Graphite2 gr2FontTest utility with a command that includes a path to a font file and the text argument. The accompanying patch hardcodes the tested text to cover all characters in the 0x1..0xfff range, instead of requiring them to be specified on the command line.
A stack-based buffer overflow vulnerability exists in the PlayMacro() function of the WdMacCtl.ocx ActiveX control, which is part of the Micro Focus Rumba+ v9.4 software package. The vulnerability is triggered when a large number of bytes is passed to the MacroName parameter of the PlayMacro() function. An attacker can exploit this vulnerability to gain access to the affected system and execute arbitrary code.
EduSec suffers from multiple SQL injection vulnerabilities. Input passed via multiple 'id' GET parameters is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Real Estate Portal suffers from an arbitrary file upload vulnerability leading to arbitrary PHP code execution. The vulnerability is caused by improper verification of files uploaded to the '/upload.php' script through the 'myfile' POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with a '.php' extension, which is stored in the '/uploads' directory.
The PowerFolder server and client are written in Java. Data exchange is done mainly via serialized objects that are sent over a dedicated port (TCP port 1337). This service deserializes untrusted data, which can be exploited to achieve remote code execution.
It appears that the /webmail/spellcheck.aspx?xml= endpoint takes an XML request as a parameter and parses it with XML entity processing enabled. By abusing XML entities, attackers can read the Web.config file as well as settings.xml, which contains administrator account credentials in plain text.
The 'XenAPI' plugin for XenForo offers a REST API with various functions to query and edit information in the XenForo database backend. Among these are 'getGroup' and 'getUsers', which can be called without authentication (the default); since the application does not properly validate and sanitize the 'value' parameter, it is possible to inject arbitrary SQL commands into the XenForo backend database.
JobScript suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused by improper verification of files uploaded to the '/admin-ajax.php' script through the 'name' and 'file' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with a '.php' extension (bypassing the '.htaccess' block rule), which is stored in the '/jobmonster/wp-content/uploads/jobmonster/' directory.
Multiple ETAP binaries are prone to a stack-based buffer overflow vulnerability because the application fails to handle malformed arguments. An attacker can exploit these issues to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.
ETAP suffers from an elevation of privilege vulnerability that allows an ordinary authenticated user to replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions: the 'C' (Change) flag is granted to the 'Authenticated Users' group.