A vulnerability in ASUS DSL-N12E_C1 1.1.2.3_345 allows an attacker to execute arbitrary commands on the device by sending a specially crafted HTTP request. The vulnerability exists due to insufficient validation of user-supplied input in the ‘cmdMethod’ parameter of the ‘Main_Analysis_Content.asp’ page.
The XML parsing engine for Universal Media Server's SSDP/UPnP functionality is vulnerable to an XML External Entity (XXE) processing attack. Unauthenticated attackers on the same LAN can use this vulnerability to access arbitrary files from the filesystem with the same permissions as the user account running UMS, initiate SMB connections to capture the NetNTLM challenge/response and crack it to recover the clear-text password, and initiate SMB connections to relay the NetNTLM challenge/response and achieve remote command execution in Windows domains.
Endpoint Protector suffers from an authenticated command injection vulnerability. By default, the username and password are root:epp2011. In the Appliance tab, under Server Maintenance, the NTP Server field is vulnerable to command injection: its value is passed to a call to sh -c {NTP Server field} without validation. Attached is the exploit which does this automatically.
There is a program named PCE.py which runs as root and starts a Unix domain socket listener at /tmp/PCEListener. The problem is that the permissions on this socket are misconfigured: every user on the system can interact with it. Using this exploit, you can add arbitrary SSH keys to authorized_keys for the admin user and log in as the admin.
The vulnerability allows an attacker to inject SQL commands through the 'search_field' parameter of the search section in the management panel.
A CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account by modifying the user's data, such as email and password. To exploit this vulnerability, the victim needs to be logged in at the target site (victim.com) and visit a crafted site made by the attacker (attacker.com). An authenticated POST request is then generated from the victim's browser and submitted to victim.com, modifying the user's data to the attacker's desired values.
Sun OpenSolaris <= snv_104 local kernel root exploit by mu-b - Sun 21 Dec 2008. This exploit uses a vulnerable ioctl call to gain root access. It uses the SDBC_TEST_INIT ioctl call to overwrite the syscall table and set the setuid syscall to a custom function which sets the uid to 0.
Type confusion can occur when processing an H264 packet. In the method PacketBuffer::FindFrames in modules/video_coding/packet_buffer.cc there is a loop on line 296 that goes through the data_buffer_ vector backwards. The flag is_h264 is set before this loop, and if it is true, the loop extracts and sets h264 struct-specific data in each packet of the buffer. This flag is not updated for each packet, so if a number of non-h264 packets are followed by an h264 packet, a VP8 or VP9 packet can be treated as an h264 packet, allowing several bounds checks to be bypassed.
There is a use-after-free in VP8 block decoding in WebRTC. The contents of the freed block are then treated as a pointer, leading to a crash in WebRTC.
Allok Fast AVI MPEG Splitter 1.2 contains a SEH overwrite vulnerability that an attacker can exploit to execute arbitrary code in the context of the application. The vulnerability is triggered when a specially crafted license key is entered into the application. This causes the application to crash and allows an attacker to overwrite the SEH handler with arbitrary code.