The Atomic Alarm Clock service 'timeserv.exe' will load an arbitrary EXE and execute it with SYSTEM integrity. This security misconfiguration by the vendor can be exploited locally or as part of an attack chain. By placing a file named 'Program.exe' on the root drive, an attacker can obtain persistent arbitrary code execution. Under normal environmental conditions, this exploit ensures escalation of privileges from Admin to SYSTEM.
Rubo DICOM Viewer 2.0 is vulnerable to a buffer overflow when a specially crafted overview.txt file is sent to the application. This can be exploited to execute arbitrary code by overwriting the SEH handler.
The Vulnerability Laboratory Core Research Team discovered multiple persistent web vulnerabilities in the official Fork CMS v5.8.0.
This exploit allows an attacker to execute arbitrary code on a vulnerable PrestaShop version 1.7.6.4 and below. The exploit works by sending a malicious SVG file to the target server; when the server processes the file, the code contained in it executes. That code contains a malicious URL which is used to import a malicious theme file, which can then be used to execute arbitrary code on the target server.
Atomic Alarm Clock 6.3 is vulnerable to a stack overflow when a specially crafted Unicode string is sent to the application. This can be exploited to execute arbitrary code by overwriting the SEH handler.
The analysis discovered a time-based blind SQL injection vulnerability in the tracker functionality of Centreon Monitoring software. A malicious user can inject arbitrary SQL commands into the application. The vulnerability lies in the project tracker service search functionality; depending on project visibility, successful exploitation may require user authentication. A successful attack can read, modify or delete data from the database or execute arbitrary commands on the underlying system.
Code Blocks 16.01 is vulnerable to a buffer overflow when a specially crafted .m3u file is opened. This vulnerability can be exploited to execute arbitrary code by overwriting the SEH handler with a malicious payload. The crafted .m3u file contains a buffer of 536 bytes followed by a POPAD + Aligned and POP/POP/RET instructions. The malicious payload is placed after the POP/POP/RET instructions and is executed when the SEH handler is overwritten.
This module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. This is a post-authentication vulnerability, so credentials are required to exploit the bug. Any user regardless of privilege level may be used.
Multiple cross-site vulnerabilities have been discovered in the TAO Open Source Assessment Platform v3.3.0 RC02. The vulnerabilities allow remote attackers to inject their own malicious script code on the application side (persistent) of the vulnerable service module. The vulnerability is located in the `name` and `description` values of the `create` module. The script code executes in the `list` module of the `create` module. The request method to inject is POST and the attack vector is located on the application side.
The vulnerability allows remote attackers to inject their own malicious script code on the application side of the vulnerable module. The persistent web vulnerability is located in the `name` value of the `playlist` module.