There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.
An issue was discovered in Sitecore CMS that affects at least 'Sitecore.NET 8.1' rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a 'sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file=' URI. Validation is performed to ensure that the text passed to the 'file' parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional 'dot dot' style attack.
An XSS vulnerability exists in Subrion CMS version 4.2.1 due to improper validation of user-supplied input. An attacker can exploit this vulnerability by creating a file with an XSS payload, saving it with an .html extension, uploading it via the CKEditor manager, and executing the file.html.
FortiDriver is a kernel-mode driver installed with FortiClient, a security suite developed by Fortinet. The driver does not properly validate user-supplied input, so an attacker can send a specially crafted IOCTL request to the driver and gain elevated privileges on the system.
This module attempts to gain root privileges on Linux systems by abusing UDP Fragmentation Offload (UFO). This exploit targets only systems using Ubuntu (Trusty / Xenial) kernels 4.4.0-21 <= 4.4.0-89 and 4.8.0-34 <= 4.8.0-58, including Linux distros based on Ubuntu, such as Linux Mint. The target system must have unprivileged user namespaces enabled and SMAP disabled. Bypasses for SMEP and KASLR are included. Failed exploitation may crash the kernel. This module has been tested successfully on various Ubuntu and Linux Mint systems, including: Ubuntu 14.04.5 4.4.0-31-generic x64 Desktop; Ubuntu 16.04 4.8.0-53-generic; Linux Mint 17.3 4.4.0-89-generic; Linux Mint 18 4.8.0-58-generic
The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to access arbitrary files from the filesystem with the same permission as the user account running Plex, initiate SMB connections to capture the NetNTLM challenge/response and crack it to the clear-text password, and initiate SMB connections to relay the NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to access arbitrary files from the filesystem with the same permission as the user account running Vuze, initiate SMB connections to capture the NetNTLM challenge/response and crack it to the clear-text password, and initiate SMB connections to relay the NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
A stored cross-site scripting vulnerability exists in PHP Template Store Script 3.0.6. An attacker can inject malicious JavaScript code into the Address Line 1, Address Line 2, Bank Name, and A/C Holder Name fields of the Personal Information page, which will be executed when the victim views the page. This can be used to steal the victim's session cookie and take over their account.
AgataSoft Auto PingMaster 1.5 is vulnerable to a Denial of Service attack when a maliciously crafted input is sent to the 'Host name' field. This causes the application to crash.
This exploit bypasses authentication in Seq versions 4.2.476 and below. It uses a PUT request to the '/api/settings/setting-isauthenticationenabled' endpoint with a payload of {'Name':'isauthenticationenabled','Value':false,'Id':'setting-isauthenticationenabled','Links':{'Self':'api/settings/setting-isauthenticationenabled','Group':'api/settings/resources'}}. If the request is successful, the authentication is bypassed.