A denial of service vulnerability exists in SEIG Modbus 3.4 due to improper validation of user-supplied input. An attacker can send a specially crafted packet to the vulnerable server, resulting in a denial of service condition.
The InitializeNumberFormat and InitializeDateTimeFormat functions in Intl.js are used to initialize an Intl.NumberFormat object and an Intl.DateTimeFormat object respectively. There are two versions of each initializer, one for WinGlob and the other for ICU. The problem is that the ICU versions don't check whether the given object has already been initialized, which allows the same object to be initialized multiple times and can lead to type confusion. This vulnerability was tested on Microsoft Edge 42.17672.1000.0 and Microsoft EdgeHTML 17.17672.
This vulnerability is similar to issue 1531. The patch seems to prevent type confusion triggered from StElemI_A instructions, but the SetItem method can also be invoked through the Array.prototype.push method, which can be inlined. A proof-of-concept is provided which shows how type confusion can be achieved with the push method in the same way as in issue 1531. The code creates an array with three elements, deletes the second element, and then calls the opt() function with the array and a value. The opt() function pushes the value onto the array and sets the first element to a magic value. When the main() function is called, it creates an array with one element and calls the opt() function with the array and a magic value. When the alert() function is called, it shows the array with the magic value in the first element.
The DictionaryPropertyDescriptor::CopyFrom() method is used to copy all the fields from another descriptor to 'this'. However, it leaves some fields uncopied, such as the 'IsShadowed' field which indicates that a Let or Const variable has been declared in the global object with the same name as the name of a property of the global object. This lack of copying the 'IsShadowed' field can lead to type confusion, as demonstrated in the proof-of-concept code.
The PoC is invalid JavaScript, but Chakra does parse it without any exception and generates incorrect bytecode from that.
This vulnerability is caused by the Intl object not yet being initialized: the first use triggers the initialization process, which runs Intl.js without regard to the ImplicitCallFlags flag. The PoC redefines Map.prototype.get to intercept the execution of Intl.js, and arr[0] is set to an empty object. This can lead to type confusion and arbitrary code execution.
This exploit takes advantage of an unauthenticated OS command injection discovered by Kyle Lovett. If exploitation occurs successfully, a root shell is granted. Authors: Matthew Fulton and Kyle Lovett. Date: 27 May 2018. Background: Both Kyle and I found a number of vulnerabilities that we had independently reported to Asustor, which Asustor has neither acknowledged nor apparently fixed. After a Twitter communication, Kyle was kind enough to share a few details. Exploit created on a MacOS system with Python 2.7.10; may port to a Metasploit module soon.
A vulnerability in the Paramiko SSH library allows an attacker to bypass authentication by sending an invalid username. This vulnerability is due to the library not properly handling invalid usernames. An attacker can exploit this vulnerability by sending an invalid username to the SSH server. If the server is using the Paramiko library, the authentication will be bypassed and the attacker will be able to access the server.
This exploit is a golang edition of the Mikrotik WinBox 6.42 Credential Disclosure vulnerability. It allows an attacker to gain access to the user credentials of a Mikrotik router by sending a malicious packet to the router. The exploit was discovered by Maxim Yefimenko and was tested on Fedora 28, Debian 9, Windows 10, and Android.
Multiple SQL injection vulnerabilities have been identified in the REST web service API. An attacker who obtains a valid API key that is granted a necessary permission could successfully perform an attack to extract information from the database. Multiple stored cross-site scripting vulnerabilities have been identified across multiple functions in the application, which allows an authenticated attacker to insert a malicious script into the application. Multiple cross-site request forgery vulnerabilities have been identified across multiple functions in the application, which allows an attacker to perform malicious actions on behalf of the victim.