Ajera is software written in .NET by Deltek. Versions <= 9.10.16 allow an attacker to cause the software to deserialize untrusted data, which can result in remote code execution. Secure/SAService.rem in Deltek Ajera Timesheets <= 9.10.16 is vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application.
An attacker can access all data following an un/authorized user login using the parameter. The payloads used are Error Based, Time-Based Blind and Stacked Queries.
The vulnerability allows anyone to register with the Administrator role, which can easily be turned into RCE. Steps to reproduce:
1. Go to the registration form, input random fake values, start intercepting with Burp Suite and click submit.
2. The POST data will look similar to the following:
redirect_uri-701=&_myuserpro_nonce=xxxxxx&_wp_http_referer=%2F&unique_id=701&user_login-701=USERNAME&user_email-701=USERNAME@EMAIL.COM&user_pass-701=PASSWORD&user_pass_confirm-701=PASSWORD&display_name-701=&profilepicture-701=&country-701=&facebook-701=&twitter-701=&google_plus-701=&user_url-701=&terms=on&action=userpro_process_form&template=register&group=default&shortcode=xxxxxxxxxxxxxxxxxxxxxxxxxxx
Adding the following extra parameter to the POST data will register the user with Administrator privileges:
role-701=administrator
So the modified POST data will look similar to the following:
role-701=administrator&redirect_uri-701=&_myuserpro_nonce=xxxxxx&....snip....snip....
3. Forward the POST data in Burp Suite and you will be redirected to /wp-admin/
PLC Wireless Routers are vulnerable to Reflected Cross-Site Scripting (XSS). With this attack, the threat actor can steal cookies, session IDs, usernames or other sensitive information, or redirect an innocent victim to a malicious website, thus compromising the user.
The OUGC Awards plugin for the MyBB forum allows admins and moderators to grant awards to users, which are displayed on profiles and posts. The reason input isn't sanitized on the awards page and user profiles. With a moderator-level account or higher, go to Manage Awards in ModCP, give an award to a user and input a payload for the reason: <script>alert('XSS')</script>. The payload executes when viewing the award on awards.php and user profiles.
LayerBB is free, open-source forum software. The XSS found allows users to add a payload to the title of conversations (PMs). Start a new conversation addressed to any user (the victim) and use a payload in the title: <script>alert('XSS')</script>. The next time the user (the victim) visits the site, the payload will execute.
Access violation while reading memory at 0x2D0 using a NULL ptr edgehtml!CSelectElement::SetItem+0x190
All in One Video Downloader 1.2 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information such as user credentials, database name, and version. This vulnerability can be exploited by sending a maliciously crafted SQL query to the vulnerable parameter 'id' in the 'view=page-edit' page. The attacker can use the UNION SELECT statement to retrieve the sensitive information from the database.
The vulnerability is caused by the JSArray::shiftCountWithArrayStorage method not properly checking for arrays with holes. By setting the length of an array to 0xfffffff0 and then splicing it, the hasHoles method will return false, leading to OOB reads/writes in the JSArray::unshiftCountWithArrayStorage method.
The AbstractValue::set() method in JavaScriptCore allows a Use-After-Free vulnerability because it works out m_arrayModes using structure->indexingType() instead of structure->indexingMode(). Because structure->indexingType() masks out the CopyOnWrite flag, which indicates that the butterfly of the array is immutable and needs copy-on-write, the wrong information about the array can be propagated. As a result, it is possible to write into the immutable butterfly (JSImmutableButterfly) of a CoW array. This can lead to a UaF, as writing into an immutable butterfly can be used to bypass write barriers.