There is a use-after-free in the TextField antiAliasType setter. If it is set to an object with a toString method that frees the TextField, the property will be written after it is freed. A proof-of-concept is provided in the form of a .fla and .swf file.
High-Tech Bridge Security Research Lab discovered a critical vulnerability in the popular e-commerce software Zen Cart, which can be exploited by remote unauthenticated attackers to compromise a vulnerable system. A remote unauthenticated attacker might be able to execute arbitrary PHP code on the target system, run arbitrary system commands, gain complete access to the application's database and obtain information on all website users. The vulnerability exists due to the absence of filtering of directory traversal sequences in the 'act' HTTP GET parameter of the '/ajax.php' script, which is used when including local PHP files via the 'require()' PHP function. A remote unauthenticated attacker can include and execute arbitrary PHP code on the target system with the privileges of the web server.
Virtfshell is an exploit that takes advantage of a Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the virtfs-proxy-helper from QEMU. The exploit uses the inotify_init() and inotify_add_watch() functions to monitor the /tmp/virtfshell directory for changes. When the virtfs-proxy-helper is executed, it creates a socket in the /tmp/virtfshell directory. The exploit then replaces the socket with a symlink to /etc/shadow, which is then chown'd to the user's UID and GID, thus elevating the user to root. The exploit then runs a cleanup script to remove any traces of the exploit.
A buffer overflow vulnerability exists in Easy File Sharing Web Server 7.2 when handling a specially crafted HEAD HTTP request. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability is due to a lack of proper validation of user-supplied input when handling the request. An attacker can send a specially crafted request containing an overly long string to trigger this vulnerability.
A buffer overflow vulnerability exists in Easy File Sharing Web Server 7.2 when handling a specially crafted GET HTTP request. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability is due to a lack of proper bounds checking of user-supplied data before copying it into a fixed-length buffer. An attacker can exploit this vulnerability by sending a specially crafted GET HTTP request containing an overly long string to the vulnerable application. This can result in a buffer overflow, which can be exploited to execute arbitrary code in the context of the application.
FireEye MPS is vulnerable to a remote code execution vulnerability, triggered simply by monitoring hostile traffic. This vulnerability allows an attacker to compromise the FireEye device, get a root shell and start monitoring all traffic on the victim network (emails, attachments, downloads, web browsing, etc.). This is due to a bug in one of the analysis tools used by the MIP (Malware Input Processor), which has various tools for analysing different file types. One of these tools is a script that attempts to decompile Java Archives, then runs some simple regexes over the decompiled code. Examining the source code of the decompiler, JODE, shows that it supports a 'String Deobfuscation' feature that relies on reflection. This code allows an attacker to execute arbitrary code on the FireEye device simply by sending a malicious Java Archive file.
A static buffer overflow vulnerability was discovered in an ASAN build of Wireshark (current git master). The vulnerability can be triggered by feeding a malformed file to tshark.
The SIGSEGV crash due to an invalid memory write can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
The Ovidentia Module newsletter 2.2 (admin.php) is vulnerable to Remote File Inclusion. The $GLOBALS['babInstallPath'] parameter isn't declared before require_once, allowing an attacker to inject malicious code into the application.
Article Script is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.