Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
NetGain EM Plus is vulnerable to Unauthorized Local File Inclusion. An attacker can exploit this vulnerability to gain access to sensitive information and execute arbitrary code on the vulnerable system. The vulnerability exists due to insufficient validation of user-supplied input in the 'type' and 'content' parameters of the 'script_test.jsp' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious code in the 'type' and 'content' parameters. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information and execution of arbitrary code on the vulnerable system.
Inteno EG200 routers running firmware EG200-WU7P1U_ADAMO3.16.4-190226_1650 and earlier have a JUCI ACL misconfiguration that allows the 'user' account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file, which Adamo Telecom serves at a public URL over cleartext HTTP.
An elevation of privilege vulnerability exists when the AppX Deployment Server (AppXSvc) improperly handles file hard links. While researching CVE-2019-0841, originally reported by Nabeel Ahmed, I have found that AppXSvc sometimes opens the settings.dat[.LOGx] files of Microsoft Edge for a restore operation that modifies the security descriptor of the files. Further analysis revealed that the restore operation can be triggered on demand by preventing AppXSvc from accessing the settings.dat[.LOGx] files. This can be achieved by locking the settings.dat[.LOGx] file, resulting in 'Access Denied' and 'Sharing Violation' errors when Edge and AppXSvc are trying to access it. Eventually the restore operation kicks in, and if the settings.dat[.LOGx] file has been replaced with a hard link, AppXSvc will overwrite the security descriptor of the target file. A low privileged user can leverage this vulnerability to take 'Full Control' of an arbitrary file.
An easy authentication bypass vulnerability in the application allows the attacker to log in as the school principal. Simply replay the Burp request below or use curl. Payload: ' or 0=0 #
An easy authentication bypass vulnerability in this ticket booking application allows the attacker to remove any previously booked seats. Simply replay the Burp request below or use curl (remember to change the cookie values).
LimeSurvey suffered from a vulnerability due to improper input and output validation. By exploiting this vulnerability an attacker could attack other users of the web application with JavaScript code, browser exploits or Trojan horses, or perform unauthorized actions in the name of another logged-in user.
A Cross-Site Request Forgery vulnerability has been detected in phpMyAdmin that allows an attacker to trigger a CSRF attack against a phpMyAdmin user, deleting any server in the Setup page.
A buffer overflow vulnerability exists in Folder Lock v7.7.9, which allows an attacker to cause a denial of service condition by sending a specially crafted serial number and registration key. An attacker can exploit this vulnerability by running a Python script to create a file containing a 6000 byte long string, copying the content of the file to the clipboard, opening Folder Lock, clicking 'Enter Key', pasting the content of the file into the 'Serial Number and Registration Key' field, and clicking 'Submit'. This will cause a crash.
A memory corruption vulnerability was discovered in Microsoft DirectWrite, a modern Windows API for high-quality text rendering. The vulnerability is caused by an invalid memory read in DWrite!SplicePixel, while rasterizing the glyphs of a slightly malformed OpenType font. The problem reproduces in all major browsers.