Explore all Exploits:

Zeeways Matrimony CMS – SQL Injection

Zeeways Matrimony CMS is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information stored in the database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'up_cast', 's_mother' and 's_religion' parameters, and is triggered by sending a malicious payload to any of them. The payloads used in the PoC for the three parameters, respectively, are: (select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(117),CHAR(82),CHAR(120),CHAR(106),CHAR(69),CHAR(48),CHAR(117),CHAR(107)),floor(rand()*2))x from (select 1 union select 2)a group by x limit 1)), (select 1 and row(1%2C1)>(select count(*)%2Cconcat(concat(CHAR(52)%2CCHAR(67)%2CCHAR(117)%2CCHAR(113)%2CCHAR(82)%2CCHAR(106)%2CCHAR(97)%2CCHAR(51)%2CCHAR(113)%2CCHAR(122)%2CCHAR(116))%2Cfloor(rand()*2))x from (select 1 union select 2)a group by x limit 1)) and (select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(50),CHAR(86),CHAR(74),CHAR(77),CHAR(54),CHAR(109),CHAR(84),CHAR(73)),floor(rand()*2))x from (select 1 union select 2)a group by x limit 1)).

Zeeways Jobsite CMS – ‘id’ SQL Injection

Zeeways Jobsite CMS is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a malicious payload in the vulnerable 'id' parameter of the URL. The payload used in the PoC is: id=-5236" OR 1 GROUP BY CONCAT(0x716a627871,(SELECT (CASE WHEN (5640=5640) THEN 1 ELSE 0 END)),0x71626b6271,FLOOR(RAND(0)*2)) HAVING MIN(0)#

VMware: Host VMX Process COM Class Hijack EoP

The VMX process (vmware-vmx.exe) configures and hosts an instance of a VM. As is common with desktop virtualization platforms, the VM host usually has privileged access into the OS, such as mapping physical memory, which represents a security risk. To mitigate this, the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe), which runs as SYSTEM. This prevents a non-administrator user from opening the process and abusing its elevated access. Unfortunately, the process is created as the desktop user, which results in the elevated process sharing resources such as COM registrations with the normal user, who can modify the registry to force an arbitrary DLL to be loaded into the VMX process.

VMware: Host VMX Process Impersonation Hijack EoP

The VMX process (vmware-vmx.exe) configures and hosts an instance of a VM. As is common with desktop virtualization platforms, the VM host usually has privileged access into the OS, such as mapping physical memory, which represents a security risk. To mitigate this, the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe), which runs as SYSTEM. This prevents a non-administrator user from opening the process and abusing its elevated access. Unfortunately, the process is created as the desktop user and follows the common pattern of impersonating the user while calling CreateProcessAsUser. This is an issue because the user has the ability to replace any drive letter for themselves, which allows a non-admin user to hijack the path to the VMX executable and get arbitrary code running as a “trusted” VMX process. While having an elevated integrity level isn’t especially dangerous by itself, the fact that arbitrary code is running as a “trusted” VMX process means it can access all the facilities for setting up VMs, such as the “opensecurable” command, which allows the process to open almost any file as SYSTEM for arbitrary read/write access and could easily be used to get administrator privileges. With file write access, an attack similar to https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html could be performed.

Jettweb PHP Hazır Haber Sitesi Scripti V3 – Multiple Vulnerabilities

Jettweb PHP Hazır Haber Sitesi Scripti V3 is prone to multiple vulnerabilities, including SQL injection and authentication bypass. An attacker can exploit these vulnerabilities to gain access to sensitive information, inject malicious code into the application, and execute arbitrary commands in the context of the application. The SQL injection vulnerabilities exist in the 'fonksiyonlar.php' script, the 'kelimeara' script, and the 'datagetir.php' script. The authentication bypass vulnerability exists in the 'login.php' script.

X-NetStat Pro 5.63 – Local Buffer Overflow (EggHunter)

The program has a Local Buffer Overflow in several places. The EggHunter technique has been used to exploit the vulnerability on different Windows versions. Steps:
1. Run the Python script X-NetStat.py (three files are created).
2. App --> Tools --> HTTP Client --> paste the contents of egg.txt into 'URL' --> Enter --> close the HTTP Client window.
3. Rules --> Add New Rule --> Actions --> paste the contents of egghunter-winxp-win7.txt or egghunter-win10.txt (depending on your Windows version) into 'Run Program' --> Ok --> wait a little --> Shellcode!

Apache CouchDB 2.3.1 – Cross-Site Request Forgery / Cross-Site Scripting

A CouchDB server hosts named databases, which store documents. Each document is uniquely named in the database, and CouchDB provides a RESTful HTTP API for reading and updating (add, edit, delete) database documents.

Snap Seccomp Filter Bypass

Snap uses a seccomp filter to prevent the use of the TIOCSTI ioctl. In the x86-64 version of the compiled seccomp filter, the resulting BPF bytecode performs a 64-bit comparison on the command argument; however, the syscall entry point for ioctl() is defined with a 32-bit command argument in the kernel. This means that setting a bit in the high half of the command parameter circumvents the seccomp filter while being ignored by the kernel.

Meeplace Business Review Script – ‘id’ SQL Injection

Meeplace Business Review Script is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious payload in the vulnerable 'id' parameter of the 'addclick.php' script. The payload '&id=1 RLIKE (SELECT * FROM (SELECT(SLEEP(5)))qcFZ)' can be used to exploit this vulnerability.

Matrimony Website Script – Multiple SQL Injection

Matrimony Website Script is vulnerable to multiple SQL Injection attacks. Attackers can inject malicious SQL queries via vulnerable parameters such as txtGender, religion, Fage and cboCountry in the requests sent to the server. This can allow attackers to access sensitive information from the database.
