Express Accounts Accounting v7.02 is vulnerable to Persistent Cross-Site Scripting (XSS). An authenticated unprivileged user can inject malicious payloads into the Customer field of the Invoices, Sales Orders, Items, Customers, and Quotes sections. When an authenticated privileged or unprivileged user visits any of these sections, the payload will be executed.
Lavasoft 2.3.4.7 installs LavasoftTcpService as a service with an unquoted service path, allowing an attacker to gain elevated privileges.
Sudo doesn't check for the existence of the specified user ID and executes the command with an arbitrary user ID. With the sudo privilege, -u#-1 returns 0, which is root's ID, and /bin/bash is executed with root permission.
Podman is a container engine / platform similar to Docker, supported by Red Hat and Fedora, with Varlink being a protocol to exchange messages, which comes in handy for things like a Remote API. Depending on how Podman and Varlink are deployed, they can be susceptible to local and remote attacks. There are a few API bugs in Podman itself, as well as a way to execute arbitrary commands if one can hit Podman via the Remote API. Running Podman with Varlink over TCP, listening either on localhost or the network interface, is the most vulnerable setup, but other ways, such as access via the local UNIX socket or over SSH (key w/ no passphrase is common), aren't likely to be vulnerable unless ACLs or other stuff is broken.
Ajenti is a web control panel written in Python and AngularJS. One can locally monitor executed commands on the server while testing. Modifying the JSON request's username value to be `id` allows for remote code execution. Tested on Ajenti 2.1.31 on Ubuntu 18.04; fixed in 2.1.32.
An authenticated unprivileged user can inject malicious JavaScript code into the 'Customer' field of the Invoices, Items, Customers, and Quotes sections of Express Invoice v7.12. When an authenticated privileged or unprivileged user visits any of these sections, the malicious code will be executed.
SpotAuditor 5.3.1.0 is vulnerable to a denial of service attack. By entering 5000 A's into the name field of the register functionality, the application will crash.
We have encountered a Windows kernel crash in memcpy() called by nt!MiRelocateImage while trying to load a malformed PE image into the process address space as a data file (i.e. LoadLibraryEx(LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE)). An example crash log generated after triggering the bug is shown below.
A Windows kernel crash was encountered in nt!MiOffsetToProtos while trying to load a malformed PE image into the process address space as a data file. The bugcheck code was SYSTEM_SERVICE_EXCEPTION (3b), and the exception code that caused the bugcheck was 00000000c0000005.
A vulnerability in TP-Link TL-WR1043ND V2 routers allows an attacker to bypass authentication and gain access to the router's web interface. This is due to the router's web interface not properly validating the Authorization header. An attacker can send a specially crafted HTTP request with a valid Authorization header to gain access to the router's web interface.