A type confusion has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely when an attacker sends a specially crafted calendar attachment, and it does not require user interaction. It might be used by a remote attacker to crash the process or leak information from the client system via calendar replies.
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions, could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.
This script is a proof of concept to bypass User Account Control (UAC) via SluiFileHandlerHijackLPE. It creates a registry structure, performs the bypass, and then removes the registry structure.
Netperf 2.6.0 is a benchmark tool developed by Hewlett Packard that can be used to measure the performance of many different types of networking. It provides tests for both unidirectional throughput and end-to-end latency. A buffer overflow vulnerability exists in the program, which can be exploited by an attacker to execute arbitrary code on the target system. The attacker can craft a malicious payload with a length of 8220 bytes, followed by the address 0x41424344, which will overwrite the EIP register and cause a segmentation fault. This can be used to gain control of the program flow and execute arbitrary code.
An attacker can send a malicious request to the HC.Server service on port 8794 to cause an Invalid Pointer Write DoS. This can be used to trigger the service's failure flag recovery options, which can be set to run a malicious program with SYSTEM privileges.
An attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows an attacker to download the video archive recorded and saved on the attached external memory card. An attacker on the network can log in remotely to the camera and gain root access. The device ships with hard-coded credentials, accessible from a telnet login prompt using credentials username: 'root' and password: '12345678'. Using a packet sniffer, an attacker on the same network can capture data packets and view the MD5 hash of a captured user login password. A weak password can be cracked and used to log in to the user account.
RedwoodHQ doesn't require that MongoDB is installed on the machine because the tool has its own Mongo Launcher. The problem is that this vendor database doesn't require any authentication to read its data. So, an attacker can use the same syntax that the Framework uses to create an admin user on the database and access the tool.
This exploit is used to gain root access on systems with a misconfigured ptrace_scope. It checks whether ptrace_scope is set to 0 and whether GDB is installed. If both conditions are met, it starts the attack by using ptrace on the shell process and spawns a root shell.
Authentication is needed for this exploit. An attacker needs to log in to the Admin section of Sitecore 8.0 revision 150802. When choosing to serialize users or domains in the admin UI, calls to /sitecore/shell/~/xaml/Sitecore.Shell.Applications.Dialogs.Progress.aspx will include a CSRFTOKEN parameter. Replacing this parameter with a URL-encoded, base64-encoded crafted payload from ysoserial.net results in successful RCE.