The application interface of MOBOTIX Video Security Cameras lets users perform certain actions via HTTP requests without any check that the request was actually intended by the user. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Metaphor is an exploit developed by Hanan Be'er from NorthBit Ltd. that is capable of bypassing ASLR and generating MP4 exploits in real time. The exploit generator is written in Python and is invoked by the PHP code. The PoC includes lookup tables for the Nexus 5, build LRX22C, running Android 5.0.1. The server side of the PoC consists of simple PHP scripts that run the exploit generator; XAMPP is used to serve the gzipped MP4 files. The attack page is index.php.
Kamailio (successor of the former OpenSER and SER) is an open source SIP server released under the GPL, able to handle thousands of call setups per second. Kamailio can be used to build large platforms for VoIP and real-time communications, presence, WebRTC, instant messaging and other applications. It can also easily be applied to scaling up SIP-to-PSTN gateways, PBX systems or media servers. There is a (remotely exploitable) heap overflow vulnerability in Kamailio version 4.3.4 and possibly in previous versions. The vulnerability lies in the SEAS module, which enables Kamailio to transfer control of the execution logic for a SIP message to a given external entity, called the Application Server. The heap overflow can be triggered if Kamailio is configured to use the SEAS module, more specifically if Kamailio calls the module's single exported function as_relay_t(). The heap overflow is located in function encode_msg(), file encode_msg.c, line 269. The destination buffer, payload, is allocated in encode_msg()'s caller, create_as_event_t(), specifically in file seas.c, line 442.
The vulnerability exists due to insufficient filtering of user-supplied data passed via the "char" HTTP GET parameter to the "/admin.php" PHP script. A remote authenticated attacker with privileges to view the list of products can alter the existing SQL query and inject and execute arbitrary SQL commands in the application's database. This vulnerability can also be exploited by an anonymous attacker via a CSRF vector.
This vulnerability is an uninitialized variable introduced by the fix for an ActionScript 2 use-after-free bug. The bug occurs because the use-after-free check in the unwatch method attempts to convert its first parameter to a string by calling toString on it before continuing with the part of the method where toString could cause problems by freeing an object. However, Flash does not check that this parameter exists before calling toString on it.
The mip user is already quite privileged, capable of accessing sensitive network data. However, as the child process has the supplementary gid contents, there is a very simple privilege escalation to root, because the snort configuration is writable by that group. This can be exploited by placing a shared library in a writable directory that is mounted with the "exec" option and appending a "dynamicengine" directive to the snort configuration. First, a shared library is created and compiled on a workstation, then fetched onto the FireEye machine, and snort is instructed to load it. The snort process is regularly restarted to process new rules, so we simply wait for the snort process to respawn and verify that we were able to execute commands as root.
TallSoft SNMP TFTP Server can be crashed remotely by sending it a specially crafted packet containing 1019 bytes of 'A' characters.
A persistent XSS exists in the 'My Account' page of the application. Any user entering personal information on the 'My Account' page can insert an XSS payload into the form. Test payload: '><script>alert(1);</script> (parameter: _79_jobTitle; parameter name: Job Title).
The WordPress plugin Photocart Link is vulnerable to Local File Inclusion, which allows an attacker to read sensitive files from the server. The vulnerability exists in the decode.php file, which is used to decode a base64-encoded string. An attacker can use this vulnerability to read the wp-config.php file, which contains the database credentials, by sending a crafted request to decode.php containing the base64-encoded name of the file they want to read.
The WordPress plugin IMDb Profile Widget is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable pic.php file with the URL parameter pointing at a file of the attacker's choosing, which allows the attacker to read the contents of that file.