Cross-Site Scripting issues affect multiple fields in the workflow module's job edit form: JavaScript code injected into the Arguments, Invocation String, and File Extension fields is rendered in the Execution Preview, which is the sink of this vulnerability.
A buffer overflow vulnerability exists in CloudMe Sync v1.11.2 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This exploit is a port of the original exploit for CloudMe Sync v1.11.2 to WoW64. It uses a ROP chain to bypass DEP and execute shellcode.
Sending a URL in Wise Chat that contains malicious HTML code silently redirects the parent tab to a phishing site in an attempt to harvest users' credentials.
During a fuzz session using 'AFL', a heap use-after-free vulnerability was found in Lua 5.3.5. The function 'lua_upvaluejoin' in file lapi.c at line 1287 suffers from a use-after-free bug when supplied the same function for parameters f1 and f2 together with the same upvalue index. The bug is only triggered when the upvalue is closed, because the 'luaC_upvdeccount' function found in file lgc.c at line 678 decrements the refcount and then frees the upvalue if the refcount is zero and the upvalue is closed.
Green CMS 2.x is vulnerable to arbitrary file & directory download. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to download any file or directory from the server.
The router's web interface enables users to generate new X.509 certificates directly on the device. A user may enter typical configuration parameters required for the certificate, such as organisation, the common name and so on. In order to generate the certificate, the device uses the command-line program openssl. The device's firmware uses the following format string to assemble the openssl command: 'openssl req -new -nodes -subj '/C=%s/ST=%s/L=%s/O=%s/OU=%s/CN=%s/emailAddress=%s' -keyout %s%s.key -sha256 -out %s%s.csr -days %s -newkey rsa:%s > /dev/null 2>&1'. Although the web interface filters certain special characters via JavaScript, there is actually no input filtering, escaping or encoding happening on the server. This allows attackers to inject arbitrary commands.
PostScript is a programming language used to create documents for printing. It is vulnerable to subroutine injection, an attack in which an attacker injects malicious code into a subroutine by manipulating the dictstack, which is analogous to variable scope in other languages. This can allow an attacker to execute arbitrary code on the system, leading to a complete compromise.
This module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The `log_path` option can be set using the `ASAN_OPTIONS` environment variable, allowing clobbering of arbitrary files, with the privileges of the setuid user. This module uploads a shared object and sprays symlinks to overwrite `/etc/ld.so.preload` in order to create a setuid root shell.
This exploit allows an attacker to perform a CSRF attack on the Zyxel NBG-418N v2 Modem. The attacker can craft a malicious HTML page that contains a form with the username and password fields pre-filled with the credentials of the admin user. When the victim visits the malicious page, the form will be automatically submitted and the attacker will gain access to the modem.
After logging in (as either an authorized or an unauthorized user), an attacker can access all data through the 'bid' parameter in the POST request URL http://localhost/impress/modules/system/admin.php?bid=12. The type of attack is a time-based blind SQL injection.