This module exploits a file upload vulnerability in D-Link DCS-931L network cameras. The setFileUpload functionality allows authenticated users to upload files anywhere on the file system, allowing system files to be overwritten, resulting in execution of arbitrary commands. This module has been tested successfully on a D-Link DCS-931L with firmware versions 1.01_B7 (2013-04-19) and 1.04_B1 (2014-04-21). D-Link DCS-930L, DCS-932L, DCS-933L models are also reportedly affected, but untested.
MediaAccess TG788vn with Cisco firewall HTTP config is vulnerable to a critical unauthenticated file disclosure flaw. The HTTP server runs with root privileges, which means that an attacker might escalate the exploit into further critical attacks.
Through PHPIPAM, external users can try to authenticate on the following page: http://server/phpipam/?page=login. For each attempt, whether it succeeds or fails, a line is added to the log. The admin user can read those logs through the back office. Here is an example of authentication log lines: 'User Admin1 logged in.' 'User User1 failed to log in.' A malicious user can use this log feature to make the administrator's browser execute JavaScript instructions. To do so, an external user can try to inject JavaScript instructions into the 'username' field of the authentication form.
Atlassian Confluence before 5.8.17 contains an information disclosure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
Ganeti is prone to an SSL DoS via SSL renegotiation against the RAPI Daemon. The exploit is available at: https://github.com/pierrekim/advisories/blob/master/ganeti/exploit-ganeti-0x00.py
Simple PHP Polling System helps organizations to make polls of different types of positions with a number of candidates under each position. This vulnerable package has 5869+ downloads to date. Multiple vulnerabilities (SQL insertion injection, Persistent Cross Site Scripting, Password Reset) exist in the manage-profile.php and registeracc.php pages. In manage-profile.php, there is no filtering or validation of user-supplied data in the $_POST['email'] parameter, so the POST parameter email can be used to perform an SQL injection attack. In registeracc.php, there is likewise no filtering or validation of user-supplied data in the $_POST['email'] parameter, so the POST parameter email can be used to perform an SQL injection attack. In the manage-profile.php page, by changing the value of 'member_id' an attacker can reset the user details in the database. In the manage-profile.php page, by changing the value of 'first_name' an attacker can inject a malicious script into the database.
A vulnerability exists in the admin panel authentication mechanism due to its use of $_COOKIE['LoggedIn']. Because the $_COOKIE variable can be manipulated by the user, any user can log in to the admin panel without knowing the username and password: setting the cookie value LoggedIn=yes in the request header is enough for the web application to grant access. In addition, install.php is a page that can be used to reinstall the application. Opening application/install.php displays a form whose first text field is the new admin username and whose second field is the new password for the web application; proceeding with the installation sets up the web application with the attacker-supplied admin username and password.
This exploit allows a local user to gain root privileges on Ubuntu 14.04 LTS, 15.10 and more. It works by creating a new user namespace, a new mount namespace, and then mounting an overlayfs filesystem. The user then executes a shell with root privileges.
The crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing. It was caused by a heap-buffer-overflow on address 0x60700000794c at pc 0x000000cfaaef bp 0x7ffd89a11070 sp 0x7ffd89a11068. The overflow was caused by a read of size 4 at 0x60700000794c. The address was located 4 bytes to the right of 8-byte region [0x607000007948,0x607000007950) allocated by thread T0.
The 'id' field in software_add_license.php and the 'pc' field in delete_system.php, list_viewdef_software_for_system.php and system_export.php are not properly sanitized, which leads to an SQL injection vulnerability.