A local attacker can gain root privileges by exploiting a design error vulnerability in the xscreensaver distributed with Solaris. The attacker can create (or append to) arbitrary files on the system, by abusing the -log command line switch introduced in version 5.06. This flaw can be leveraged to cause a denial of service condition or to escalate privileges to root.
Trend Micro Anti-Threat Toolkit (ATTK) will load and execute arbitrary .EXE files if a malware author happens to use the vulnerable naming convention of "cmd.exe" or "regedit.exe" and the malware can be placed in the vicinity of the ATTK when a scan is launched by the end user. Because the ATTK is signed by a verified publisher and therefore assumed trusted, any MOTW security warnings are bypassed if the malware was downloaded from the internet. It can also become a persistence mechanism, since each time the Anti-Threat Toolkit is run, so can an attacker's malware.
WinRAR 5.80 is vulnerable to XML External Entity Injection. An attacker can craft a malicious XML file and send it to the victim, which can then be used to read arbitrary files on the victim's system. The attacker can also use the malicious XML file to send the contents of the arbitrary files to a remote server under the attacker's control. The exploit involves creating an HTML file with a malicious XML file embedded in it, and then dragging the HTML file into the WinRAR window. The malicious XML file contains an entity declaration that references a remote DTD file hosted on the attacker's server. The DTD file contains an entity declaration that references a file on the victim's system, which is then sent to the attacker's server.
WorkgroupMail 7.5.1 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system by exploiting the unquoted service path. The vulnerable service is 'WorkgroupMail' and the vulnerable binary is 'wmsvc.exe'. The vulnerable version is 7.5.1 and the vulnerable platform is Windows 10.
This exploit allows an attacker to upload a malicious reverse shell to the Restaurant Management System 1.0. The attacker can then execute arbitrary commands on the vulnerable system.
Authentication Bypass via Arbitrary File Read. An attacker can exploit this vulnerability by sending a crafted request to the vulnerable server. This will allow the attacker to read arbitrary files from the server.
This vulnerability is in the validation mode and is located in the 'Add Post' or 'Add Page' section of WordPress; the vulnerability type is stored. Installing Popup Builder adds a section to Add Post and Add Page in which the user can choose which popup to show. This creates an option tag with the value of the popup title. An attacker can break out of the option tag and insert a script tag inside the popup title, which will then be executed when the user visits the Add Post or Add Page section.
This native code file aims to complement the published WhatsApp GIF RCE exploit by Awakened by calculating the system() function address and ROP gadget address for different types of devices, which can then be used to successfully exploit the vulnerability.
Exploitation of a design error vulnerability in xscreensaver, as distributed with Solaris 11.x, allows local attackers to create (or append to) arbitrary files on the system, by abusing the -log command line switch introduced in version 5.06. This flaw can be leveraged to cause a denial of service condition or to escalate privileges to root. This is a Solaris-specific vulnerability, caused by the fact that Oracle maintains a slightly different codebase from the upstream one (CVE-2019-3010).
X.Org X Server 1.20.4 is vulnerable to a local stack overflow vulnerability. The vulnerability is caused by a boundary error within the XQueryKeymap() function when handling user-supplied input. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted request to the affected server.