
Explore Vulnerabilities


Explore all Exploits:

Android Janus APK Signature bypass

This module exploits CVE-2017-13156 in Android to install a payload into another application. The payload APK has the same signature as the original and can be installed as an update, preserving the existing application data. The vulnerability was fixed in the 5 December 2017 security patch and is also prevented by APK Signature Scheme v2, so only APKs signed with the v1 scheme are vulnerable. The payload handler is disabled in this module, so a multi/handler must be started first.

Adive Framework 2.0.7 – Privilege Escalation

An attacker can exploit a vulnerability in Adive Framework 2.0.7 to gain elevated privileges. By sending a crafted request to the application, an attacker can create a new user with administrator privileges. The vulnerability is due to a lack of proper input validation and authentication checks, which allows an attacker to bypass authentication.

Jenkins build-metrics plugin 1.3 – ‘label’ Cross-Site Scripting

Jenkins build-metrics plugin 1.3 and below is vulnerable to Cross-Site Scripting. This allows an attacker to inject arbitrary JavaScript code into the application, which is then executed in the victim's browser. The vulnerability is due to insufficient validation of user-supplied input in the 'label' parameter of the 'getBuildStats' API. An attacker can exploit it by sending a maliciously crafted request to the vulnerable API.

Smartwares HOME easy 1.0.9 – Database Backup Information Disclosure

Home Easy/Smartwares is a range of products designed to remotely control your home using wireless technology. Home Easy/Smartwares is vulnerable to unauthenticated database backup download, an information disclosure vulnerability. This can enable an attacker to obtain sensitive clear-text information, resulting in authentication bypass, session hijacking and full system control.

Smartwares HOME easy 1.0.9 – Client-Side Authentication Bypass

HOME easy suffers from an information disclosure and client-side authentication bypass vulnerability through IDOR, reachable by navigating directly to several administrative web pages. This allows disclosure of an SQLite3 database file and its location. Other functionality is also accessible by disabling JavaScript in the browser, which bypasses the client-side validation and redirection.

Wacom WTabletService 6.6.7-3 – ‘WTabletServicePro’ Unquoted Service Path

A successful attempt requires a local attacker to place an executable file in the unquoted path of the service. Upon service restart or system reboot, the malicious code is run with elevated privileges.

checkdirs() Vulnerability in XNU

When a new mount point is created in XNU, the kernel uses checkdirs() to scan all active processes to see whether any of them have a current or root directory onto which the new filesystem has just been mounted; if so, it replaces those directories with the new mount point. This can be exploited by an attacker to traverse directories and gain access to sensitive information.

JSObject::putInlineSlow() Vulnerability

JSObject::putInlineSlow() is a function in the JavaScriptCore library of WebKit that is used to set the value of a property on an object. This function is vulnerable to type confusion due to a lack of proper type checking. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.

Crash JSC in debug builds

This exploit was found by Fuzzilli and then slightly modified. It crashes JSC in debug builds by using a combination of Object.__proto__, Object.shift(), Function(), isFinite(), and WriteBarrierBase. The exploit uses a for loop that iterates 1000 times and then calls a function with arguments. The function creates a String object and a Function object from the string. The Function object is then called, and a for loop iterates 127 times. The isFinite() function is then called, and the WriteBarrierBase is used to set the callee. This causes an out-of-bounds write that crashes JSC in debug builds.

html5_snmp 1.11 – ‘Remark’ Persistent Cross-Site Scripting

A persistent cross-site scripting vulnerability exists in html5_snmp 1.11. An attacker can send a malicious POST request to the add_router_operation.php script with a crafted 'Remark' parameter containing a JavaScript payload. This payload is stored by the application and executed when the page is loaded by a victim.
