A denial of service vulnerability exists in NSauditor 3.1.2.0 when the 'Community' field is supplied with a large amount of data. An attacker can leverage this vulnerability to crash the application.
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). User restart is required to gain a shell.
AnMing MP3 CD Burner 2.0 is vulnerable to a denial of service attack when a maliciously crafted file is opened. An attacker can exploit this vulnerability by creating a file with a large number of 'A' characters and then opening it in AnMing MP3 CD Burner 2.0. This will cause the application to crash.
This is a proof-of-concept exploit showing that an XSS attempt can lead to an LFI (Local File Inclusion) attack in osTicket. There are two different XSS vulnerabilities in the 'Import' field on the Agent Panel - User Directory field. This vulnerability leads to a further vulnerability: the attacker can run the malicious JS file that they upload through the XSS vulnerability. Uploaded JS files can be called in clear text, so attackers do not have to use a different server to perform an attack. It is then possible to create a 'Local File Inclusion' vulnerability as well.
A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
HTML injection is an attack that is similar to Cross-site Scripting (XSS). While in the XSS vulnerability the attacker can inject and execute JavaScript code, the HTML injection attack only allows the injection of certain HTML tags. When an application does not properly handle user-supplied data, an attacker can supply valid HTML code, typically via a parameter value, and inject their own content into the page. This attack is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vulnerability and a user's trust.
Backup Key Recovery 2.2.4 is vulnerable to a Denial of Service attack when a maliciously crafted 'Name' is supplied. This can be exploited by an attacker to crash the application, denying service to legitimate users.
HeidiSQL Portable 10.1.0.5464 is vulnerable to a denial of service attack. Running the Python script HeidiSQL_Portable_10.1.0.5464.py creates a file, bd_p.txt, containing 2000 'A' characters. When the contents of this file are copied to the clipboard and pasted into the 'Password' field of the 'Login' window, the application crashes.
Polkit is a framework for controlling system-wide privileges in Unix-like operating systems. A vulnerability in polkit allows an attacker to bypass authentication and gain elevated privileges. This is due to the fact that polkit determines whether a session is associated with a local console by checking whether systemd-logind is tracking the session as being associated with a 'seat'. This happens through polkit_backend_session_monitor_is_session_local() in polkitbackendsessionmonitor-systemd.c, which calls sd_session_get_seat(). The check whether a session is active works similarly. systemd-logind is informed about the creation of new sessions by the PAM module pam_systemd through a systemd message bus call from pam_sm_open_session() to method_create_session(). The RPC method trusts the information supplied to it, apart from some consistency checks; that is not directly a problem, since ttys are owned by root and the PAM module is typically only called by root-owned processes.
UliCMS 2019.2 and 2019.1 are vulnerable to multiple Cross-Site Scripting (XSS) attacks. The first vulnerability is located in the 'go' parameter of the '/ulicms/admin/inc/loginform.php' file. The second vulnerability is located in the 'go' parameter of the '/ulicms/admin/inc/registerform.php' file. The third vulnerability is located in the 'error' parameter of the '/ulicms/admin/index.php' file and requires authentication. An attacker can exploit these vulnerabilities to execute arbitrary HTML and script code in the browser of the victim.