Blue Angel Software Suite, an application that runs on embedded devices for VoIP/SIP services, is vulnerable to authenticated command execution in its ping command. All default accounts, including the guest account, can be used to log in and achieve command execution. In addition, another account defined in the local file device.dat appears to function as a backdoor account.
An authentication bypass vulnerability exists in the Instagram Auto Follow - Autobot Instagram application, which allows an attacker to gain access to the application by supplying the classic SQL injection tautology admin' or '1'='1 as both the username and the password (the single-quote characters are part of the input and close the string literal in the login query).
A vulnerability in the Barco/AWIND OEM Presentation Platform allows an unauthenticated attacker to execute arbitrary commands on the target device. The vulnerability is due to improper validation of user-supplied data; an attacker can exploit it by sending a specially crafted HTTP POST request to the vulnerable device, and successful exploitation yields arbitrary command execution on the device.
This module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application derives its secret_key_base from its own name, and that name can easily be extracted by requesting a nonexistent path. Because the signing key is therefore predictable, a remote attacker can craft and deliver a signed serialized payload that the application accepts and loads, gaining remote code execution.
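The following is an added Python illustration of why a predictable secret_key_base breaks the whole scheme; it is not code from the module or from Rails. The envelope format mimics the Rails MessageVerifier layout (base64 data, "--", hex HMAC-SHA1 over the base64 data); the key derivation is deliberately simplified to the bare application name as the description states, and the application name "Blog::Application" and the JSON payload are constructed for the example. JSON stands in for Marshal, so nothing here executes anything; the point is that once the signature check passes, whatever bytes the attacker chose reach the deserializer.

```python
import base64
import hashlib
import hmac
import json


def dev_secret(app_name: str) -> bytes:
    """Key a development-mode server would use.

    Assumption: the advisory says the application name is used as
    secret_key_base, so the name string is used directly here. The exact
    Rails derivation is not reproduced.
    """
    return app_name.encode()


def generate(secret: bytes, payload: bytes) -> str:
    """Sign a serialized payload in a MessageVerifier-style envelope:
    base64(payload) + '--' + hex(HMAC-SHA1(secret, base64(payload)))."""
    data = base64.b64encode(payload).decode()
    digest = hmac.new(secret, data.encode(), hashlib.sha1).hexdigest()
    return f"{data}--{digest}"


def verify(secret: bytes, token: str):
    """Return the payload bytes if the signature matches, otherwise None."""
    data, sep, digest = token.rpartition("--")
    if not sep:
        return None
    expected = hmac.new(secret, data.encode(), hashlib.sha1).hexdigest()
    if not hmac.compare_digest(expected, digest):
        return None
    return base64.b64decode(data)


def forge_from_disclosed_name(app_name: str, attacker_obj: dict) -> str:
    """Attacker side: once the application name has leaked from an error
    page, derive the same key and sign a payload of the attacker's choosing."""
    return generate(dev_secret(app_name), json.dumps(attacker_obj).encode())


def server_accepts(secret: bytes, token: str) -> bool:
    """Server side: if the envelope verifies, the bytes inside are handed to
    the deserializer. With Marshal instead of JSON, this is where code
    execution would happen."""
    return verify(secret, token) is not None


if __name__ == "__main__":
    leaked_name = "Blog::Application"          # constructed example name
    token = forge_from_disclosed_name(leaked_name, {"cmd": "id"})
    print("dev server accepts forged token:",
          server_accepts(dev_secret(leaked_name), token))
    print("server with random secret accepts it:",
          server_accepts(b"long-random-production-secret", token))
```

The contrast in the last two lines is the entire vulnerability: the HMAC is sound, but an HMAC keyed with a value the attacker can reconstruct proves nothing about who produced the message. The fix is a secret that is actually secret (a long random secret_key_base), not a change to the signing or serialization code.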
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) are vulnerable to reflected XSS via the 'Domain' field on the 'DNS Functions' > 'Add DNS Zone' screen. To exploit this vulnerability, an attacker must log into the CentOS Web Panel with admin credentials, navigate to 'DNS Functions' > 'Add DNS Zone', and enter a malicious payload into the 'Domain' field. Upon clicking 'Add DNS Zone', the payload is executed. Because an authenticated admin session is required, the practical impact is limited to cases where an admin can be induced to submit the payload.
This module exploits a PHP unserialize() vulnerability in Pimcore before 5.7.1 to execute arbitrary code. An authenticated user with the 'classes' permission can exploit it. The vulnerability lies in the 'ClassController.php' class, where the 'bulk-commit' method passes the untrusted 'data' parameter to unserialize(). Tested on Pimcore 5.4.0-5.4.4, 5.5.1-5.5.4 and 5.6.0-5.6.6 with the Symfony unserialize payload, and on Pimcore 4.0.0-4.6.5 with the Zend unserialize payload.
This module executes an arbitrary payload on an 'ESEL' server used by the AIS logistics software. The server typically listens on port 5099 without TLS; there may also be a server listening on port 5100 with TLS, but port 5099 is usually open. The login process is vulnerable to SQL injection, and the backend is usually an MSSQL Server accessed as the 'sa' user. This module was verified on version 67 but should also work on lower versions. AIS released a fixed version in September 2017; however, most systems have not been updated. Regarding the payload: unless an inbound port on the server is actually reachable, you do not want a 'bind' payload. Use a 'reverse' payload, probably to your port 80 or to any other outbound port the firewall allows. Currently one delivery method is supported, which takes advantage of the Command Stager subsystem; this allows various techniques, such as a TFTP server, to send the executable. By default the Command Stager uses 'wscript.exe' to generate the executable on the target.
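The Instagram Auto Follow bypass and the ESEL login injection above come down to the same defect: user input concatenated into the login query as SQL text. The block below is an added example, not code from either product or from the Metasploit module. It uses an in-memory SQLite table with constructed credentials in place of the real backends (MySQL-style or MSSQL), shows the vulnerable query beside its parameterized replacement, and runs both the quote-tautology payload from the Instagram advisory and a comment-terminated variant that also works against MSSQL, which treats "--" as a line comment just as SQLite does.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed credential store standing in for the application's own."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!')")
    conn.execute("INSERT INTO users VALUES ('alice', 'hunter2')")
    return conn


def render_vulnerable_sql(username: str, password: str) -> str:
    """The query text the vulnerable login actually sends to the database."""
    return ("SELECT username FROM users WHERE username = '%s' "
            "AND password = '%s'" % (username, password))


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """String concatenation: a quote in the input ends the literal, and the
    rest of the input is parsed as SQL. Returns the matched username or None."""
    row = conn.execute(render_vulnerable_sql(username, password)).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Bound parameters: the driver sends the values as data, never as SQL,
    so a quote in the input is just a character to compare against."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Constructed attacker inputs for the demonstration.
TAUTOLOGY = "admin' or '1'='1"     # from the Instagram advisory
COMMENT_OUT = "' OR 1=1 --"        # comment-terminated variant


if __name__ == "__main__":
    db = make_db()
    print(render_vulnerable_sql(TAUTOLOGY, TAUTOLOGY))
    print("vulnerable, tautology :", login_vulnerable(db, TAUTOLOGY, TAUTOLOGY))
    print("vulnerable, comment   :", login_vulnerable(db, COMMENT_OUT, "x"))
    print("safe, tautology       :", login_safe(db, TAUTOLOGY, TAUTOLOGY))
    print("safe, real credentials:", login_safe(db, "alice", "hunter2"))
```

Printing the rendered query makes the precedence visible: AND binds tighter than OR, so the tautology clause attaches to the outside of the WHERE condition and every row matches, and the database returns the first one, typically the administrative account. The parameterized version returns nothing for either payload and still authenticates a real user, which is the whole check a reviewer should look for in a login handler.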
A race condition vulnerability exists in elf_core_dump() due to the introduction of userfaultfd_release() in v4.3. userfaultfd_release() can call vma_merge() on another task's VMAs while holding the corresponding mmap_sem for writing, which can cause VMAs to disappear from under elf_core_dump(). This can lead to a denial of service.
A vulnerability in SpotAuditor 5.2.6 allows an attacker to cause a denial of service (DoS) by supplying specially crafted input in the 'Name' field during application registration, which crashes the application.
The Agent Tesla botnet web panel is vulnerable to information disclosure due to missing authentication and authorization checks in the server_processing.php script. An attacker can exploit this by sending a crafted HTTP request to the vulnerable script with the table, primary and clmns parameters set, extracting the full passwords and keystrokes stored on the server.