A flaw was found in xorg-x11-server before 1.20.3: an incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via a physical console to escalate their privileges and run arbitrary code with root privileges (CVE-2018-14665). This exploit variant triggers the bug through the -modulepath command line switch to load a malicious X11 module in order to escalate privileges to root on vulnerable systems.
netBooter suffers from an authentication bypass vulnerability due to a missing access control check when the webNewAcct.cgi script is called to create users. This allows an unauthenticated attacker to create an admin user account and bypass authentication, giving them the power to turn off the power supply to a resource.
This script will calculate the website session cookie, which is static after every reboot. After retrieving the cookie, various website actions are possible (including a DoS).
When hoisting a function onto the outer scope, if it overwrites the iteration variable for a for-in loop it should invalidate the corresponding ForInContext object, but it doesn't. As a result, an arbitrary object can be passed as the property variable to the op_get_direct_pname handler which uses the property variable directly as a string object without any check.
This vulnerability occurs because the code assumes that the current instruction is always an op_call instruction, but the same code path can be reached from op_get_by_id or op_get_by_val instructions via getters. As an op_get_by_val instruction is smaller in size than an op_call instruction, this can lead to an out-of-bounds read. The PoC code demonstrates how an attacker can exploit this vulnerability.
When a for-in loop is executed, a JSPropertyNameEnumerator object is created at the beginning of the loop and used to store information about the input object of the for-in loop. Inside the loop, the structure ID of the 'this' object of every get_by_id expression that takes the loop variable as the index is compared to the structure ID cached in the JSPropertyNameEnumerator object. If they are the same, the 'this' object of the get_by_id expression is considered to have the same structure as the input object of the for-in loop. The problem is that nothing prevents the structure from which the cached structure ID was taken from being freed. As structure IDs can be reused after their owners are freed, this can lead to type confusion.
Arm Whois 3.11 contains a buffer overflow vulnerability due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted payload to the vulnerable application, which can lead to arbitrary code execution. This vulnerability affects unpatched Windows Vista Ultimate SP1 x86.
This exploit has been tested against ELBA5 versions 5.7.1 through 5.8.0. It can be used to remotely obtain code execution on the ELBA5 server with full SYSTEM-level permissions. Additionally, a backdoor user can be added.
A directory traversal vulnerability exists in Zyxel VMG1312-B10D 5.13AAXA.8. An attacker can send a specially crafted HTTP request to the vulnerable device to view the contents of the /etc/passwd file.
No-CMS is a CMS framework. No-CMS is a basic, 'less-assumption' CMS with some default features such as user authorization (including third-party authentication) and menu, module and theme management. It is fully customizable and extensible: you can write your own modules and your own themes. It provides the freedom to build your very own CMS, which other CMSs do not provide very well. The vulnerability is a SQL injection in the 'order_by' parameter, which can be exploited by sending a specially crafted POST request with malicious SQL code in that parameter.