Explore Vulnerabilities

Explore all Exploits:

QuickLook Arbitrary JavaScript Injection

QuickLook is a widely used feature in macOS/iOS that lets you preview various formats such as pdf, docx, pptx, etc. The way it displays office files is quite interesting: it first parses the office file, converts it to HTML code using OfficeImport, and renders the result using WebKit. The problem is that it doesn't filter the names of fonts when generating HTML code from them. We can abuse this to inject arbitrary JavaScript code. In other words, we can execute arbitrary JavaScript code via an office file.

XML External Entity (XXE) Vulnerability in Fortify SSC

An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability

This module exploits a vulnerability in which a statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual was mishandled by various operating system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. This module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution.

Grundig Smart Inter@ctive 3.0 – Cross-Site Request Forgery

Ahmethan-Gultekin - t4rkd3vilz discovered a Cross-Site Request Forgery vulnerability in Grundig Smart Inter@ctive 3.0. The vulnerability allowed an attacker to send malicious requests to the application from a computer with the same IP address as the TV and the phone. The attacker could then gain access to the interface from the 8085 port.

Cela Link CLR-M20 2.7.1.6 – Arbitrary File Upload

Because of WebDAV (Web Distributed Authoring and Versioning) on the remote server, Cela Link CLR-M20 allows unauthorized users to upload any file (e.g. asp, aspx, cfm, html, jhtml, jsp, shtml), which also leads to remote code execution. Through WebDAV, it is possible to upload an arbitrary file using the PUT method.

Apache CouchDB Arbitrary Command Execution

CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.

Remote Code Execution & Local File Disclosure

The email contact functionality of the "formmailer" widget can upload files to the server. If the user uploads a PHP script with a .php extension, the server renames it to .phps to prevent PHP code execution. However, the server does not check the content of the file, and if the uploaded file contains PHP code, the code will be executed. An attacker can also send a crafted request to the server, and the server will respond with the content of the requested file.

Remote code execution via multiple attack vectors

Multiple attack vectors in WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1 allow remote code execution. The vulnerable version is FW 01 - 01.01.10(01) and the fixed version is FW 02. The CVEs associated with this vulnerability are CVE-2018-12979, CVE-2018-12980, and CVE-2018-12981.

Recent Exploits: