Explore all Exploits:

Commit 82abbf8d2fc46d79611ab58daa7c608df14bb3ee

Commit 82abbf8d2fc46d79611ab58daa7c608df14bb3ee, first included in v4.15, allows an unprivileged user to subtract any two values that don't have type SCALAR_VALUE, and obtain a result with type SCALAR_VALUE. This can be used to leak the kernel stack pointer by subtracting a PTR_TO_STACK and PTR_TO_MAP_VALUE_OR_NULL value.

mq_notify: double sock_put()

This exploit is related to CVE-2017-11176, a local privilege escalation vulnerability in the Linux kernel caused by a double sock_put() in the mq_notify() function. It allows an unprivileged user to gain root privileges on the system. The exploit requires modifications to work on the target system.

Security Flaw in Git

When running 'git clone --recurse-submodules', Git parses the supplied .gitmodules file for a URL field and blindly passes it as an argument to a 'git clone' subprocess. If the URL field is set to a string that begins with a dash, this 'git clone' subprocess interprets the URL as an option. This can lead to executing an arbitrary script shipped in the superproject as the user who ran 'git clone'.

net-snmp 5.7.3 – Unauthenticated Denial of Service (PoC)

This exploit is a proof of concept for a denial of service vulnerability in net-snmp 5.7.3. The vulnerability is triggered by sending a specially crafted packet to the SNMP port (UDP/161). The packet contains a base64-encoded string, which is decoded and sent to the SNMP port. This causes the service to crash.

Imperva SecureSphere 13 – Remote Command Execution

PWS is a component in SecureSphere v13 that consists of Python CGIs exposing various CLI utilities over HTTPS. The Python CGIs didn't properly sanitize user-supplied command parameters, leading to command injection. The vulnerability could be exploited in two ways: Unauthenticated Remote Code Execution (Pre-FTL mode) and Authenticated Remote Code Execution (Gateway mode).

FLIR Thermal Traffic Cameras 1.01-0bb5b27 – Information Disclosure

FLIR thermal traffic cameras suffer from an unauthenticated device manipulation vulnerability utilizing the websocket protocol. The affected FLIR Intelligent Transportation Systems - ITS models use an in-house developed websocket protocol implementation, which is vulnerable to manipulation.

Recent Exploits: