The Joomla Gmapfp component 3.x allows remote attackers to upload arbitrary files, including shells, because file uploads are unrestricted. An attacker can bypass the restriction by uploading files with double extensions such as file.php.png, file2.php.jpeg, file3.html.jpg, and file3.txt.jpg. The uploaded files can be accessed via the directory path http://127.0.0.1/images/gmapfp/file.php or http://127.0.0.1//images/gmapfp/file.php.png.
A stored cross-site scripting issue in the save page feature was discovered in UliCMS 2020.1. An attacker can exploit this vulnerability by sending a malicious POST request to the vulnerable URL with a payload in the 'content' parameter. This allows the attacker to execute arbitrary JavaScript code in the context of the vulnerable website.
rConfig 3.9.4 is vulnerable to remote command injection due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a malicious payload to the 'search.crud.php' page via the 'nodeId' parameter. This allows the attacker to execute arbitrary commands on the vulnerable system.
The smart home solution is vulnerable to remote cross-site scripting triggered via a Remote File Inclusion issue: arbitrary client-side dynamic scripts (JavaScript, VBScript) can be included through the undocumented proxy API and its 'url' GET parameter. This allows hijacking the current session of the user or changing the look of the page by changing the HTML.
A vulnerability in Google Chrome 80.0.3987.87 allows a remote attacker to cause a denial of service (DoS) condition by exploiting a heap-corruption vulnerability. The vulnerability is due to improper validation of user-supplied input by the affected software. An attacker can exploit this vulnerability by sending a specially crafted request to the affected software. Successful exploitation of this vulnerability could allow an attacker to cause a denial of service condition.
A denial of service vulnerability exists in ProficySCADA for iOS 5.0.25920 when an attacker sends a specially crafted payload of 257 'A' characters to the 'Password' field, causing the application to crash.
A privilege escalation vulnerability exists in VMware Fusion 11.5.1 and 11.5.2 that allows an attacker to gain root privileges on the host system. The vulnerability is due to the insecure handling of the Open VMware USB Arbitrator Service. An attacker can exploit this vulnerability by creating a malicious service in the ~/Contents/Library/services directory and then linking it to the ~/a/b/c directory. The malicious service will then be executed when the Open VMware USB Arbitrator Service is started. This will allow the attacker to gain root privileges on the host system.
A directory traversal vulnerability in VMware Fusion's SUID binaries can allow an attacker to run commands as the root user. Several of the programs included in VMware Fusion rely on their path on disk to find other libraries, helper utilities, and service daemons. Two instances of this code pattern in SUID programs can be found in the 'Open VMware Fusion Services' executable and the 'Open VMware USB Arbitrator Service' executable. These programs try to open the service programs by looking for the following files. Open VMware Fusion Services: $DIRECTORY_WITH_SUID_EXECUTABLE/../../../Contents/Library/services/VMware Fusion Services. Open VMware USB Arbitrator Service: $DIRECTORY_WITH_SUID_EXECUTABLE/../../../Contents/Library/services/VMware USB Arbitrator Service. Ordinarily this is fine, as any attempt to copy the programs will not copy the SUID ownership of the file, and any attempt to move the programs will fail without root access. Furthermore, symbolic links will not trick the programs into using the new location. However, on macOS unprivileged users can create hard links to SUID executables, which will trick the programs. Thus, by creating an adequate directory layout and hard linking to the SUID executables, an attacker can cause the programs to open the service programs from a location under the control of the attacker.
The vulnerable code is in MailsController::setNewIconShare() in the file 'back/controllers/mails.php'. There is no CSRF token check, no sanitization, and no authentication. An attacker can upload arbitrary files to the server without authentication.
An uncontrolled resource consumption vulnerability in the SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections with a SIGPIPE signal, and cause a reboot via connect and write system calls because of uncontrolled resource management.