
Explore Vulnerabilities


Explore all Exploits:

WordPress Loco Translate (Version 2.2.1) Plugin LFI

A local file inclusion bug was discovered in the WordPress Loco Translate (Version 2.2.1) Plugin. This bug can be exploited by any user who has access to the plugin, with access levels ranging from subscriber to admin. Exploitation abuses the template editing functionality of the plugin and the file-view action, which allows a user to access any system file and view its contents. Exploitation can be done via two main methods: either using (..%2F..%2F..%2F..%2Fetc%2Fpasswd) or directly calling the file via its file path (/etc/passwd).

WordPress Anti-Malware Security and Bruteforce Firewall – Local File Inclusion

A local file inclusion bug was discovered in the WordPress Anti-Malware Security and Bruteforce Firewall (Version 4.18.63) plugin. This bug affects the file scan functionality of the plugin and can be exploited by any authenticated user (from subscriber to admin) simply by modifying the GOTMLS_scan= parameter with a base64-encoded path to the file the attacker is trying to read.

Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal & Local File Inclusion

ThomsonReuters.Desktop.Service.exe or ThomsonReuters.Desktop.exe does not properly handle a modified GET request. All versions of Thomson Reuters Concourse and Firm Central prior to 2.13.0097 utilize this component and are thus affected, per work and discussion with the information security team at Thomson Reuters. By default the service listens on port 6677, but it may sometimes listen on ports 7000, 7001 or 7002. Currently, this vulnerability is only exploitable by modifying the request in the Repeater module of PortSwigger's Burp Suite tool. The affected component is usually on port 6677 by default.

Bug in IonMonkey's Type Inference System

A bug in IonMonkey's type inference system when JIT compiling and entering a constructor function via on-stack replacement (OSR) allows the compilation of JITed functions that cause type confusions between arbitrary objects. SpiderMonkey can represent 'plain' objects either as NativeObjects or as UnboxedObjects. NativeObjects consist of two pointers to type information objects, as well as inline and out-of-line properties stored in NaN-boxed form and elements. UnboxedObjects can store their properties in unboxed form, e.g. as native 32-bit integers or even 8-bit booleans. SpiderMonkey can track the possible types of object properties for the purpose of type inference. Assigning a value of a different type to such a property will invalidate (or widen) the inferred type and potentially invalidate any JITed code that relied on the inferred type.

XooDigital – ‘p’ SQL Injection

XooDigital is vulnerable to SQL injection in the 'p' parameter of the results.php page. An attacker can inject arbitrary SQL code into this parameter and have it executed in the backend database. This can be exploited to bypass authentication and to access, modify and delete data within the database.

XooGallery – Multiple SQL Injections

XooGallery is vulnerable to multiple SQL Injections. The vulnerable parameters are gal_id, photo_id, cat_id and p. An attacker can exploit these vulnerabilities by sending malicious payloads in the vulnerable parameters. For example, in PoC 1, the payload is gal_id=29' AND 2692=2692 AND 'WCFf'='WCFf

Rukovoditel ERP & CRM 2.4.1 – ‘path’ Cross-Site Scripting

The 'path' parameter in Rukovoditel ERP & CRM 2.4.1 is vulnerable to Reflected Cross-Site Scripting (XSS) attacks through a GET request in index.php resource. The payload used for this exploit is '"><img src=a onerror=alert("VULNERABLE")>'

Jettweb Php Hazır İlan Sitesi Scripti V2 – SQL Injection

An SQL injection vulnerability exists in Jettweb Php Hazır İlan Sitesi Scripti V2, which allows an attacker to execute arbitrary SQL commands via the vulnerable parameter 'kat' in the 'katgetir.php' script. The payload 'kat=1' OR NOT 1300=1300-- rwTf' can be used to exploit this vulnerability.

Type Confusion Vulnerability in JavaScript

A type confusion vulnerability in JavaScript allows an attacker to manipulate the type of a variable. This vulnerability is caused by the lack of type safety in JavaScript. It can lead to arbitrary code execution, as the attacker can control the execution flow of the program.

Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability exists in Microsoft Windows Win32k when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Recent Exploits: