An unsafe strcpy at abc.c:241 allows an attacker to overwrite the return address from the openIn function by providing a long input filename. This carries similar risk to CVE-2004-1257.
A remote code execution vulnerability has been discovered in the official TortoiseSVN v1.12.1 software. The vulnerability is located in the `svn.exe` module of the software. It allows remote attackers to execute code in the vulnerable application and so compromise the application or the connected system.
There is no CSRF nonce check performed in 'POST /wp-admin/admin-ajax.php?action=wpdm_save_email_setting' and 'POST /wp-admin/edit.php?post_type=wpdmpro&page=templates&_type=email&task=EditEmailTemplate&id=default' requests, allowing an attacker to modify the email template settings and inject malicious content.
Vulnerable code is in line 171 in file site/models/customfields.php, where an attacker can inject malicious SQL code into the 'child' parameter of the 'customfields.datafordepandantfield' task of the 'com_jsjobs' component. An example of a PoC is provided using sqlmap.py.
PowerShell can potentially execute arbitrary code when running specially named scripts because it trusts unsanitized filenames. This occurs when '.ps1' files contain semicolons ';' or spaces as part of the filename, causing either the execution of a different trojan file or the running of unexpected commands straight from the filename itself, without the need for a second file. The trojan file does not need to be another PowerShell script; it can be one of the following: '.com', '.exe', '.bat', '.cpl', '.js', '.vbs' and '.wsf'.
The application fails to sanitize user input on https://sugarcrm-qms.XXX.com/mobile/error-not-supported-platform.html and reflects the input directly in the HTTP response, allowing an attacker to exploit the vulnerable parameter and have malicious content executed in the victim's browser. The attacker crafts a malicious payload and creates a legitimate link with the payload included; the attacker sends the link to the victim; when the victim clicks the link, the malicious payload is reflected in the response and executed in the victim's browser.
This script exploits the SQL vulnerability in Azorult 3.3.1 Dashboard. It sends a malicious request to the target URL with a crafted payload that contains the GUID and XOR key. The payload is then XOR encrypted and base64 encoded. The response contains the login and password of the target.
This script exploits the Remote Code Execution/SQL vulnerability in Agent Tesla Dashboard. It sends a malicious payload to the server_side/scripts/server_processing.php endpoint, which is then executed on the server.
This exploit targets a privilege escalation vulnerability in Steam Client Service. It allows an attacker to gain SYSTEM privileges by replacing the ImagePath registry key of the msiserver service with a malicious payload. The malicious payload is then executed with SYSTEM privileges.
The Frame::setDocument() function calls Document::prepareForDestruction, which might trigger JavaScript execution via a nested frame's 'unload' event handler. The m_documentIsBeingReplaced flag is used to prevent the execution of the 'unload' event handler.