Explore Vulnerabilities

Explore all Exploits:

FusionPBX <= 4.4.3 Command Injection RCE via XSS

FusionPBX is vulnerable to Command Injection RCE via XSS. An attacker can encode an XSS payload that is injected into the "Caller ID Number" field or the "User" component of the SIP "From" URI. The attacker then connects to the external SIP profile port and sends a SIP INVITE packet with the XSS payload injected into the From field. The XSS payload fires on the operator panel screen (CVE-2019-11408), which is designed to be monitored constantly by a call center operator. Once the XSS code executes, a call is made to the exec.php script (CVE-2019-11409) with a reverse shell payload that connects back to a netcat listener on the attacker's system.

Liferay Portal < 7.1 CE GA4 / SimpleCaptcha API XSS

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call `<liferay-ui:captcha url="<%= url %>" />` or `<liferay-captcha:captcha url="<%= url %>" />`. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability.

Cross Site Request Forgery (CSRF)

An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken `<img>` tag pointing at the victim's phpMyAdmin database, and can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.

ProShow v9.0.3797 Local Exploit

ProShow v9.0.3797 is vulnerable to a local exploit which allows an attacker to execute arbitrary code on the target system. The exploit involves creating a file called 'load' and copying it to the ProShow Producer directory. When the ProShow.exe is executed, the malicious code is executed and a connection is established with the attacker's machine on port 4444.

LXD Alpine Builder Privilege Escalation

This exploit targets a privilege escalation vulnerability in LXD Alpine Builder. It allows an attacker to gain root access to the victim machine by running a malicious script. The attacker first downloads the build-alpine script from the GitHub repository and runs it as the root user. Then, the attacker creates a container using the malicious script and adds a device to the container with the source set to the root directory of the victim machine. Finally, the attacker executes the script and gains root access to the victim machine.

The Return of the WIZard: RCE in Exim (CVE-2019-10149)

During a code review of the latest changes in the Exim mail server, an RCE vulnerability was discovered in versions 4.87 to 4.91 (inclusive). In this particular case, RCE means Remote *Command* Execution, not Remote Code Execution: an attacker can execute arbitrary commands with execv(), as root; no memory corruption or ROP (Return-Oriented Programming) is involved. This vulnerability is exploitable instantly by a local attacker (and by a remote attacker in certain non-default configurations). To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes). However, because of the extreme complexity of Exim's code, it cannot be guaranteed that this exploitation method is unique; faster methods may exist.

POC for CVE-2019-5678 Nvidia GeForce Experience OS command injection via a web browser

This proof-of-concept (POC) demonstrates a vulnerability in Nvidia GeForce Experience that allows an attacker to execute arbitrary OS commands via a web browser. The vulnerability exists in the autoGFEInstall endpoint, which is accessible without authentication. The endpoint accepts a parameter containing the command to be executed, which is then passed to a system call. An attacker can exploit this vulnerability by sending a specially crafted request to the endpoint, which will execute the command specified in the request.

LibreNMS addhost Command Injection

This module exploits a command injection vulnerability in the open source network management software known as LibreNMS. The community parameter used in a POST request to the addhost functionality is unsanitized. This parameter is later used as part of a shell command that gets passed to the popen function in capture.inc.php, which can result in execution of arbitrary code.
