Attackers or malware that can access the system hosting the OfficeScan XG AV can bypass the antivirus protection feature that prevents unauthorized changes, such as killing protected OfficeScan XG processes like 'PccNTMon.exe'. The exploit requires Admin permissions.
libephymain.so in GNOME WEB/Epiphany < 3.28.2.1 allows a remote attacker to cause a denial of service and crash the user's browser. The cause of this is the "document.write"
Monstra CMS version 3.0.4 and earlier is vulnerable to Cross-Site Scripting. An attacker can exploit this vulnerability by intercepting the first request through a proxy tool to verify the CSRF token and then sending a malicious script to the target. This can be done by sending a POST request to the target with the malicious script in the 'page_title' parameter.
An issue was discovered in WampServer 3.0.6 which allows a remote attacker to force any victim to add or delete virtual hosts. Add virtual hosts exploit: An HTML form is used to send a POST request to the vulnerable add_vhost.php page with the parameters vh_name, vh_ip, and vh_folder. Delete virtual hosts exploit: An HTML form is used to send a POST request to the vulnerable add_vhost.php page with the parameter virtual_del[] set to the name of the virtual host to be deleted.
mptcp_usr_connectx is the handler for the connectx syscall for the AP_MULTIPATH socket family. The logic of this function fails to correctly handle source and destination sockaddrs which aren't AF_INET or AF_INET6. This PoC triggers the issue to overwrite the mpte_itfinfo field leading to a controlled pointer being passed to kfree when the socket is closed.
nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService. It calls task_deallocate without locking. Two threads can race calling this external method to drop two task references when only one is held. Note that the repro forks a child, which gives the nvAccelerator a different task; otherwise the repro is more likely to leak task references than panic.
A Cross-Site Request Forgery (CSRF) vulnerability exists in Jenkins mailer plugin versions below 1.20, which allows attackers to send malicious emails to arbitrary recipients. This vulnerability is due to insufficient CSRF protection in the mailer plugin. An attacker can exploit this vulnerability by tricking a user into clicking a malicious link or sending a malicious request to the Jenkins server.
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.
Start by searching for printers that do not have a password set. When you see a yellow bar with "Configure the password", you can take over the full printer by putting a password on it. If you want to execute the XSS, you need to be logged into the web interface first. Go to the following URL: http://127.0.0.1/ and log in with "admin" as the password. Now intercept the request with Burp Suite. The XSS exists in the loginerror.html?url= parameter.
This exploit allows an attacker to inject malicious code into a vulnerable Pagekit version < 1.0.13. The code generator creates a malicious SVG file which contains a script tag with the malicious code. The malicious code is then executed when the SVG file is opened.