Rukovoditel Project Management CRM version 2.5.2 is vulnerable to SQL Injection. This vulnerability can be exploited by sending a maliciously crafted POST request to the application. An attacker can inject malicious SQL queries in the 'reports_id' parameter of the application. This can be exploited to gain access to sensitive information from the database.
Postie is a WordPress plugin that allows users to post to their blog via email. Postie versions 1.9.40 and below are vulnerable to persistent cross-site scripting (XSS) due to improper input validation. An attacker can craft a malicious email with polyglot JavaScript syntax and a crafted SVG to perform a persistent XSS attack. This can allow an attacker to execute arbitrary JavaScript code in the context of the vulnerable website.
Directory traversal on the Huawei HG255 web server via malicious GET requests.
This bug report describes two ways in which an attacker can modify the contents of a read-only ashmem fd. Android's ashmem kernel driver has an ->mmap() handler that attempts to lock down created VMAs based on a configured protection mask such that in particular write access to the underlying shmem file can never be gained. However, the code does not check the VM_MAY* flags that were already set in the vma->vm_flags before the call to ashmem_mmap().
When an RTP packet is processed, there is a call to UnpacketRTP. This function decrements the length of the packet by 12 without checking that the packet has at least 12 bytes in it. This leads to a negative packet length. Then, CAudioJBM::InputAudioFrameToJBM will check that the packet size is smaller than the size of a buffer before calling memcpy, but this check (n < 300) does not consider that the packet length could be negative due to the previous error. This leads to an out-of-bounds copy.
The source file redir.c contains the doproxyconnect() function, which has a stack-based buffer overflow vulnerability. Download and build the source code, then run the program with a long string of characters as an argument. The program will crash due to the buffer overflow.
The VPN Unlimited Service has an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system by exploiting the service path. Because the service path is not quoted, an attacker can inject malicious code via the service path.
I discovered a Local Privilege Escalation in Windows 10 (UAC Bypass) via an auto-elevated process. The executable is changepk.exe. changepk is used to pass a new product key; you can also pass the key via the command line. By executing changepk.exe and tracing the process, we can see some RegOpenKey operations that lead to opening some not-found keys in the registry (HKCU). In our case we can use "HKCU:\Software\Classes\Launcher.SystemSettings\Shell\Open\Command" to spawn our Administrator cmd or to bypass the mmc UAC.
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
When the contents of poc.txt are copied and pasted into the User Name / Registration Code input fields, the application crashes due to a buffer overflow.