Wikidforum 2.20 is vulnerable to Cross-Site Scripting (XSS) via the 'reply_text' POST parameter. A logged-in user can post a comment containing malicious JavaScript code, which will be executed in the browser of other users when they view the comment.
Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet.
By the Way is an exploit coded in C++ that enables a root shell on MikroTik devices running RouterOS versions Longterm 6.30.1 - 6.40.7, Stable 6.29 - 6.42, and Beta 6.29rc1 - 6.43rc3. The exploit leverages the path traversal vulnerability CVE-2018-14847 to extract the admin password and create an 'option' package to enable the developer backdoor. Post-exploitation, the attacker can connect to Telnet or SSH using the root user 'devel' with the admin's password.
Ektron CMS 9.20 SP2 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins). Prerequisites: the curl command (Windows or Linux) and Burp Suite Free/Pro, or any other web proxy, to catch and send GET requests.
A buffer overflow vulnerability exists in FileZilla 3.33, which could allow an attacker to execute arbitrary code on the target system. The vulnerability is due to a lack of proper validation of user-supplied input when handling FTP commands. An attacker can exploit this vulnerability by sending a specially crafted FTP command to the target system. Successful exploitation of this vulnerability could result in arbitrary code execution on the target system.
The BailOutOnInvalidatedArrayHeadSegment check uses the JavascriptArray::GetArrayForArrayOrObjectWithArray method to check whether the given object is an array. Since wrapping an object with the CrossSite class replaces the vtable of the object, this can be used to bypass it. The PoC code shows how an attacker can use this vulnerability to bypass the BailOutOnInvalidatedArrayHeadSegment check and perform in-place type conversion.
A SQL injection vulnerability exists in Wikidforum 2.20. An attacker can send a malicious SQL query to the vulnerable parameter 'message_id' in 'index.php' to execute arbitrary SQL commands in the application's database.
Wikidforum 2.20 is vulnerable to SQL injection in the POST parameters 'select_sort', 'parent_post_id', and 'num_records'. An attacker can send malicious SQL queries to the application to gain access to unauthorized data.
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privileges on the target system. UEB v9 runs the API under root privileges, and api/storage is vulnerable. UEB v10 runs the API under limited privileges, and api/hosts is vulnerable.
Android used to use a FUSE filesystem to emulate external storage, but nowadays an in-kernel filesystem called 'sdcardfs' is used instead. In sdcardfs_create() and sdcardfs_mkdir(), the code commented 'temporarily change umask for lower fs write' is used to temporarily override the umask while calling into the lower filesystem. However, this is wrong, and the umask should be restored before calling into the lower filesystem.