Explore Vulnerabilities

Explore all Exploits:

Joomla! J2 JOBS 1.3.0 – ‘sortby’ Authenticated SQL Injection

An authenticated SQL injection vulnerability exists in Joomla! J2 JOBS 1.3.0. The vulnerability is due to improper validation of user-supplied input in the 'sortby' parameter. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application's database.

Park Ticketing Management System 1.0 – ‘viewid’ SQL Injection

A SQL injection vulnerability exists in Park Ticketing Management System 1.0, which allows an attacker to inject malicious SQL commands into the 'viewid' parameter of the 'view-normal-ticket.php' script. This can be exploited to execute arbitrary SQL commands in the context of the webserver process.

Aruba ClearPass Policy Manager 6.7.0 – Unauthenticated Remote Command Execution

Aruba ClearPass Policy Manager 6.7.0 is vulnerable to unauthenticated remote command execution. An attacker can exploit this vulnerability by sending a malicious OpenSSL engine to the vulnerable server. This will allow the attacker to execute arbitrary commands on the server.

FFI Exploit

FFI Exploit targets PHP's FFI extension and allows an attacker to call system($cmd) without using FFI::load() or FFI::cdefs(). It relies on three potential bugs: no bounds check in FFI::String() when the type is ZEND_FFI_TYPE_POINTER, no bounds check in FFI::memcpy when the type is ZEND_FFI_TYPE_POINTER, and the ability to walk back from a CDATA object to a pointer to its internal reference pointer using FFI::addr(). The exploit steps involve using the resulting read/write to leak the zif_system pointer, then hijacking RIP with complete argument control.

Exhibitor Web UI 1.7.1 – Remote Code Execution

An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.

BSA Radar 1.6.7234.24750 – Cross-Site Request Forgery (Change Password)

The Global RADAR BSA Radar 1.6.7234.X application lacks valid authorization controls in multiple functions available to a logged-in user. If successfully exploited, this allows manipulation and takeover of user accounts. The vulnerable functions exposed are ChangePassword, SaveUserProfile, and GetUser. The ChangePassword API endpoint allows updating the password of another account by its UserID, leading to account takeover. The SaveUserProfile API endpoint allows updating the user profile of another account by its UserID, including modifiable details such as first name, last name, email, and phone number. It also allows injection of stored cross-site scripting (XSS) into arbitrary user account profiles, as the first name and last name parameters are vulnerable.

BSA Radar 1.6.7234.24750 – Authenticated Privilege Escalation

A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.X that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e. the "BankAdmin" role) via a forged request to the SaveUser API. The privilege escalation is achieved by saving the response of the GetUser request (from clicking the username in the top right). When this profile is saved, it sends a request to the SaveUserProfile endpoint. This response can be saved and modified (updating it as needed to escalate privileges to the BankAdmin role), then sent to the SaveUser endpoint, which is the endpoint admins use to update the privileges of any user. After successful privilege escalation, a user can access the Administration features and modify the application or accounts, cause further damage to the application and users, or exfiltrate application data.
