Device application services run as the privileged (root) user and do not perform strict input validation. This allows an authenticated user to execute arbitrary system commands on the device. The application also stores the following information in cleartext: username, password and SNMP community string.
The data supplied to both the 'old' and 'new' web applications (the device has two web-based management interfaces) was permanently stored and could be retrieved later by other users. This is a normal feature of many applications; in this instance, however, the application failed to restrict the type of data that could be stored and also failed to sanitise it, meaning that it could not be safely rendered by the browser. Stored cross-site scripting could be triggered by attempting to log in with a username of `<script>alert(1)</script>` (affects the 'old' interface and results in post-authentication cross-site scripting when a legitimate administrator views the realtime log), by creating an account with a username of `<script>alert(1)</script>` (affects both the 'old' and 'new' interfaces once created) and by setting the device's hostname to `<script>alert(1)</script>` (affects the 'old' interface once set). A number of locations were identified as being vulnerable to reflected attacks, including http://<host>/exec?module=config&sessionid=<sessionid>&inspect=%3Cscript%20src=http://localhost:9090%3E%3C/script%3E, http://<host>/exec?tool=atcommands&sessionid=<sessionid>&sourceobject=WANINTERFACELIST.OBJECT__0&module=configtools&commands=%3Cscript%3Ealert%281%29%3C%2Fscript%3E and http://<host>/exec?tool=ping&sessionid=<sessionid>&sourceobject=WANINTERFACELIST.OBJECT__0&module=configtools&host=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pingcount=3&databytes=56. The inclusion of session IDs in all URLs partially mitigates the reflected cross-site scripting, but could itself be considered a vulnerability since the session ID is then included in Referer headers and log files.
yTree is prone to a stack-based buffer overflow; an attacker could exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Jive Forums is a widely recognised community platform. Its products have been used by global IT companies including IBM, HP, Oracle, Adobe, Cisco, Intel, Amazon, EMC, McAfee, Rapid7 and FireEye. JiveForums versions <= 5.5.25 and < 4.0 are vulnerable to a directory traversal issue; other versions may also be affected.
Timeclock-software.net's free software product was vulnerable to time-based blind SQL injection. Moreover, once logged into the application, the following URLs were also found to be vulnerable: http://server/view_data.php?period_id, http://server/edit_type.php?type_id=, http://server/edit_user.php?user_id= and http://server/edit_entry.php?time_id=, all of them to both UNION-based and time-based blind SQL injection.
The vulnerability is caused by a boundary error in the baselibs.dll library when processing a device job file, which can be exploited to cause a buffer overflow when a user opens, for example, a specially crafted .APP file. Successful exploitation could allow execution of arbitrary code on the affected machine.
The crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing. The crash was caused by a heap-use-after-free on address 0x606000001160 at pc 0x000000b604dc bp 0x7ffd824f3c70 sp 0x7ffd824f3c68. READ of size 8 at 0x606000001160 thread T0.
This cross-site request forgery vulnerability enables an anonymous attacker to add a device to the application, and the device fields are themselves vulnerable to cross-site scripting. This leads to compromise of the whole domain via the application.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WPS. User interaction is required to exploit this vulnerability, in that the target must open a malicious file. By providing a malformed .xls file, an attacker can cause heap memory corruption. An attacker could leverage this to execute arbitrary code in the context of the WPS Spreadsheet application.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WPS. User interaction is required to exploit this vulnerability, in that the target must open a malicious file. The specific flaw exists within the handling of crafted Presentation files with an invalid "Length" header in a drawingContainer. By providing a malformed .ppt file, an attacker can cause a stack-based buffer overflow, resulting in code execution in the context of the current process.