Explore Vulnerabilities

Explore all Exploits:

NPMJS gitlabhook 0.0.17 – ‘repository’ Remote Command Execution

gitlabhook 0.0.17, an npm package that runs configured commands when GitLab posts a webhook, allows remote command execution. The 'repository' value taken from the webhook POST body is not validated before it is passed into the command that gitlabhook runs, so an attacker who can post to the hook endpoint can craft a 'repository' value containing shell metacharacters and have arbitrary commands executed on the host running the hook.
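The injection pattern behind this class of bug, shown as a vulnerable handler beside a hardened one. This is an added example written for this page, not gitlabhook's own code: the payload shape (a top-level 'repository' string), the `echo` stand-in for the real deploy command, and the allow-list regex are all assumptions.

```python
import re
import subprocess

# Constructed webhook bodies standing in for GitLab's POST payload (only the
# "repository" field matters here; the real body carries many more fields).
BENIGN_PAYLOAD = {"repository": "demo-app"}
MALICIOUS_PAYLOAD = {"repository": "demo-app; echo INJECTED"}

# Allow-list for repository names: letters, digits, dot, underscore, hyphen;
# first character alphanumeric so the value can never look like an option.
REPO_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")


def deploy_vulnerable(payload: dict) -> str:
    """Vulnerable pattern: the untrusted name is interpolated into a command
    line that is handed to a shell, so ';', '|' and '$(...)' are interpreted.
    'echo' stands in for whatever deploy command the hook would really run."""
    repo = payload["repository"]
    command_line = f"echo deploying {repo}"
    result = subprocess.run(command_line, shell=True, capture_output=True, text=True)
    return result.stdout


def deploy_hardened(payload: dict) -> str:
    """Hardened pattern: reject anything outside the allow-list, then pass the
    name as a single argv element with no shell in between."""
    repo = payload.get("repository")
    if not isinstance(repo, str) or not REPO_NAME.fullmatch(repo):
        raise ValueError(f"rejected repository name: {repo!r}")
    argv = ["echo", "deploying", repo]   # one argument, never re-parsed by a shell
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout


def hardened_rejects(payload: dict) -> bool:
    """True when the hardened handler refuses the payload."""
    try:
        deploy_hardened(payload)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable, malicious input:", repr(deploy_vulnerable(MALICIOUS_PAYLOAD)))
    print("hardened, malicious input rejected:", hardened_rejects(MALICIOUS_PAYLOAD))
    print("hardened, benign input:", repr(deploy_hardened(BENIGN_PAYLOAD)))
```

The allow-list matters even with the argv form: without it, a name beginning with '-' could still be parsed as an option by the program receiving it.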

SpotIE Internet Explorer Password Recovery 2.9.5 – ‘Key’ Denial of Service

SpotIE Internet Explorer Password Recovery 2.9.5 crashes when an oversized value is entered into the 'Key' field of its registration form, a local denial of service. The published proof of concept uses a Perl script to write 256 'E' characters to a file; copying that string to the clipboard and pasting it into the 'Key' field crashes the program. Whether the crash can be turned into anything beyond a denial of service is not established here.

Microsoft SharePoint 2013 SP1 – ‘DestinationFolder’ Persistent Cross-Site Scripting

A cross-site scripting (XSS) vulnerability exists because Microsoft SharePoint Server does not properly sanitize a specially crafted web request. An authenticated attacker can exploit it by sending such a request to an affected SharePoint server and then run script in the security context of the current user. That lets the attacker read content the attacker is not authorized to read, take actions on the SharePoint site under the victim's identity (for example changing permissions or deleting content), and inject malicious content into the user's browser. As the title indicates, the payload is persistent: it is stored through the 'DestinationFolder' value rather than reflected from a single request, so it affects every user who views the affected page.

Exploitation and Caveats from zerosum0x0

This module exploits a buffer overflow in the Microsoft Remote Desktop Protocol (RDP) service caused by improper handling of messages sent to the service. A remote attacker can send a specially crafted message to the RDP service to trigger the overflow and execute arbitrary code.

NSKeyedUnarchiver Vulnerability

When an NSKeyedUnarchiver decodes an object, it first allocates the object with allocWithZone:, places that allocated object into a dictionary of temporary objects, and only then calls initWithCoder: on it. If initWithCoder:, or any method it calls, decodes a reference to the same object, it gets back the entry from the temporary-object dictionary. For many classes that entry is a placeholder that throws an 'uninitialized' exception when accessed, but for some classes it is the very object that initWithCoder: will eventually return. So when an initWithCoder: method decodes an object graph that refers back to the object being initialized, the reference it receives may point at an object that is not yet fully initialized. These two behaviours can be combined to produce an NSSharedKeyDictionary whose value array is too small.
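A simplified model of that decode path, added here to make the re-entrancy window concrete. It is not Foundation's code: the `Decoder`, the class names (`KeyedStore`, `ValueList`, `Container`, `BackRef`) and the two archives are hypothetical, and the model keeps only the three steps the paragraph describes (allocate, register in a temporary table, then initialize).

```python
class UninitializedError(RuntimeError):
    """Stands in for the 'uninitialized object' exception a placeholder raises."""


class Placeholder:
    """What some classes leave in the temporary-object table until initWithCoder:
    returns; any attribute access on it fails."""
    def __getattr__(self, name):
        raise UninitializedError(f"accessed '{name}' before initWithCoder: returned")


class Decoder:
    """Minimal model of the decode path (hypothetical, not NSKeyedUnarchiver)."""
    def __init__(self, objects):
        self.objects = objects   # uid -> record, like the $objects table of a keyed archive
        self.temp = {}           # uid -> object registered so far (temporary-object table)

    def decode_object(self, uid):
        if uid in self.temp:     # shared or cyclic reference: return whatever is registered
            return self.temp[uid]
        record = self.objects[uid]
        cls = CLASSES[record["$class"]]
        obj = cls.__new__(cls)   # allocWithZone: storage exists, nothing initialized
        # Registered before init so cycles terminate; this is the window described above.
        self.temp[uid] = Placeholder() if cls.USES_PLACEHOLDER else obj
        obj.init_with_coder(self, record)
        self.temp[uid] = obj     # swap in the finished object
        return obj


class KeyedStore:
    USES_PLACEHOLDER = False     # the allocated object itself is what gets registered
    def init_with_coder(self, coder, record):
        self.values = coder.decode_object(record["values"])   # may re-enter and reach self
        self.capacity = record["capacity"]                    # set only after the re-entry


class ValueList:
    USES_PLACEHOLDER = False
    def init_with_coder(self, coder, record):
        self.items = [coder.decode_object(u) for u in record["items"]]


class Container:
    USES_PLACEHOLDER = True      # a placeholder is registered until init returns
    def init_with_coder(self, coder, record):
        self.child = coder.decode_object(record["child"])
        self.tag = record["tag"]


class BackRef:
    USES_PLACEHOLDER = False
    def init_with_coder(self, coder, record):
        self.owner = coder.decode_object(record["owner"])   # owner's init is still running
        # getattr's default only covers AttributeError; a Placeholder raises UninitializedError
        self.owner_field_seen = getattr(self.owner, record["field"], None)


CLASSES = {c.__name__: c for c in (KeyedStore, ValueList, Container, BackRef)}

# Constructed archives; uid 1 is the root of each.
CYCLE_THROUGH_STORE = {
    1: {"$class": "KeyedStore", "values": 2, "capacity": 4},
    2: {"$class": "ValueList", "items": [3]},
    3: {"$class": "BackRef", "owner": 1, "field": "capacity"},
}
CYCLE_THROUGH_PLACEHOLDER = {
    1: {"$class": "Container", "child": 2, "tag": "root"},
    2: {"$class": "BackRef", "owner": 1, "field": "tag"},
}


def decode_store():
    """(capacity after decoding, capacity seen from inside the cycle, same object?)"""
    store = Decoder(CYCLE_THROUGH_STORE).decode_object(1)
    back = store.values.items[0]
    return store.capacity, back.owner_field_seen, back.owner is store


def placeholder_cycle_raises():
    """True if the placeholder variant throws instead of leaking a half-built object."""
    try:
        Decoder(CYCLE_THROUGH_PLACEHOLDER).decode_object(1)
    except UninitializedError:
        return True
    return False
```

`decode_store()` shows the dangerous case: the back-reference is the real `KeyedStore`, but at the moment it is handed out `capacity` has not been set, so any size-dependent work done through it uses an incomplete object. `placeholder_cycle_raises()` shows the safe case the page contrasts it with.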

SymCrypt Multi-Precision Arithmetic Routines Infinite Loop Vulnerability

A bug in the SymCrypt multi-precision arithmetic routines can cause an infinite loop when the modular inverse is computed on specific bit patterns in bcryptprimitives!SymCryptFdefModInvGeneric. It can be triggered by constructing an X.509 certificate containing such a pattern and embedding it in an S/MIME message, an Authenticode signature, a Schannel (TLS) connection, or anything else that makes Windows parse and verify the certificate. Because the loop never exits, this effectively denies service on any Windows server that processes the certificate and may require the machine to be rebooted.

Pfsense 2.3.4 / 2.4.4-p3 – Remote Code Injection

pfSense lets administrative users (uid=0) make remote procedure calls over HTTP (XML-RPC), and that interface includes methods that let any authenticated user execute operating-system commands. Enumerating the available methods shows two of interest: pfsense.exec_shell and pfsense.exec_php. For the static analysis we look at xmlrpc.php, which is where the privilege check lives: the code first verifies the auth token and only then dispatches on the method name.
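A detection-side check for the two methods named above, added here as an example (it is not part of the write-up or of pfSense). It parses XML-RPC request bodies as they would arrive at /xmlrpc.php and flags calls to the command-execution methods. The sample bodies and source addresses are constructed, and the position and meaning of the string parameters is an assumption; the check only reports them as evidence.

```python
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

# Methods the write-up above identifies as command-execution primitives.
DANGEROUS_METHODS = {"pfsense.exec_shell", "pfsense.exec_php"}

# Constructed (source address, body) pairs standing in for POSTs to /xmlrpc.php.
SAMPLE_REQUESTS = [
    ("192.0.2.10",
     "<?xml version='1.0'?><methodCall><methodName>pfsense.host_firmware_version</methodName>"
     "<params/></methodCall>"),
    ("192.0.2.23",
     "<?xml version='1.0'?><methodCall><methodName>pfsense.exec_shell</methodName>"
     "<params><param><value><string>uname -a</string></value></param></params></methodCall>"),
    ("192.0.2.23",
     "<?xml version='1.0'?><methodCall><methodName> pfsense.exec_php </methodName>"
     "<params><param><value><string>phpinfo();</string></value></param></params></methodCall>"),
    ("192.0.2.40", "not an xml-rpc body at all"),
]


def parse_call(body: str) -> Optional[Tuple[str, List[str]]]:
    """Return (methodName, string params) for a well-formed XML-RPC methodCall, else None.
    ElementTree does not fetch external entities, so untrusted bodies are safe to parse here."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "methodCall":
        return None
    name = root.findtext("methodName")
    if not name or not name.strip():
        return None
    # Only <string> params are collected; other value types are ignored for this check.
    params = [s.text or "" for s in root.findall("./params/param/value/string")]
    return name.strip(), params


def flag_dangerous(requests) -> List[Tuple[str, str, List[str]]]:
    """One row (source, method, string params) per request calling a dangerous method."""
    hits = []
    for src, body in requests:
        parsed = parse_call(body)
        if parsed is None:
            continue
        method, params = parsed
        if method in DANGEROUS_METHODS:
            hits.append((src, method, params))
    return hits


if __name__ == "__main__":
    for row in flag_dangerous(SAMPLE_REQUESTS):
        print("ALERT", *row)
```

The method name is normalised with strip() before matching because XML-RPC parsers tolerate surrounding whitespace; a check that compares the raw text would miss the third sample.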

File sharing wizard ‘post’ remote SEH overflow

An SEH overflow in File Sharing Wizard 1.5.0 allows remote code execution. The application does not properly validate user-supplied data when handling an HTTP 'POST' request, so an oversized request overwrites a Structured Exception Handler record; an attacker who sends a specially crafted 'POST' request can redirect execution and run arbitrary code on the target system.
