A Cross-Site Scripting (XSS) vulnerability was discovered in the DIGISOL DG-HR3400 Wireless Router. By changing the SSID to a malicious script, an attacker can execute arbitrary code on the router. This can be exploited by sending a specially crafted request to the router's web interface.
A login page bypass vulnerability exists in hycus Content Management System v1.0.4. An attacker can use the payload '=' 'OR' for both username and password to bypass the login page.
HongCMS 3.0.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain administrator privileges by sending a specially crafted HTTP request to the vulnerable application. The request contains a malicious SQL query in the 'dbaction' parameter which can be used to execute arbitrary SQL commands in the back-end database.
A hardcoded service token can be used to bypass authentication. Built-in functionality can be exploited to deploy and execute a malicious deb file containing a backdoor. A weak sudoers configuration can then be abused to escalate privileges to root. A second issue can be used to deny use of the appliance by continually rebooting it.
This vulnerability allows an attacker to delete arbitrary files on a vulnerable WordPress installation. This can be done by sending a specially crafted HTTP request to the WordPress post.php page. The request must contain the action parameter set to editattachment and the _wpnonce parameter set to a valid nonce. The thumb parameter must be set to the path of the file to be deleted. After the request is sent, a second request must be sent to the same page with the action parameter set to delete and the _wpnonce parameter set to the same nonce used in the first request.
PoDoFo is vulnerable to a stack-based buffer overflow, caused by functions that call each other recursively until the stack overflows. An attacker can exploit this vulnerability by crafting a malicious PDF file with a large number of '[' characters, which can cause a denial of service condition or potentially allow arbitrary code execution.
A Blind Server-Side Request Forgery (SSRF) vulnerability was identified in Liferay Portal versions prior to 7.0.4. An attacker can exploit this vulnerability to send arbitrary requests from the vulnerable server to internal or external systems. This can be used to gain access to sensitive information or to perform malicious activities.
When KVM (on Intel) virtualizes another hypervisor as an L1 VM, it does not verify that VMX instructions from the L1 VM (which trigger a VM exit and are emulated by L0 KVM) are coming from ring 0. This means that a normal user space program running in the L1 VM can trigger KVM's VMX emulation, which gives a large number of privilege escalation vectors (fake VMCS or vmptrld / vmptrst to a kernel address are the first that come to mind). As the VMX emulation code checks for the guest's CR4.VMXE value, this only works if an L2 guest is running. A somewhat realistic exploit scenario would involve someone breaking out of an L2 guest (for example by exploiting a bug in the L1 qemu process) and then using this bug for privilege escalation on the L1 system.
WordPress Plugin iThemes Security (better-wp-security) before 7.0.3 allows remote authenticated users to execute arbitrary SQL commands via the 'orderby' parameter in the 'itsec-logs' page to wp-admin/admin.php. The orderby parameter is vulnerable because the backend variable $sort_by_column is not escaped.
WordPress Comments Import & Export plugin versions 2.0.4 and earlier are affected by Remote Command Execution via CSV Injection. A public user can inject commands as part of form fields; when a user with higher privileges exports the form data as CSV and opens the file on their machine, the command is executed.