SQL injection on [award_id] parameter.
A user is able to inject a command that will be included in the exported CSV file. To exploit this vulnerability, a user must login with employee user credentials, browse to My Profile and add =cmd|'/C calc'!A1 into the First Name field. Then, the user must log in with admin's credentials, browse to Core HR > Employees Last Login, click on the CSV button to download and open the exported CSV file. The calculator will be opened.
A user is able to inject a command that will be included in the exported CSV file. To exploit this vulnerability, a user must login with regular user's credentials, add =cmd|'/C calc'!A1 as a comment on any article, log in with admin's credentials, browse to Dashboard > Comments, click on the CSV button to download and open the exported CSV file, and the command will be executed.
A user is able to inject a command that will be included in the exported CSV file. To exploit this vulnerability, a user must first login with Sales user's credentials, then browse to Trader > Customer > New Customer and add =cmd|'/C calc'!A1 into the Customer Name field. The user must then log in with admin's credentials, browse to Sales > Create Invoice to create an invoice for that user, and finally browse to All Invoice > Export to download and open the exported CSV file.
A vulnerability in VMware ESXi could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to improper validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending a crafted request to the affected software. A successful exploit could allow the attacker to execute arbitrary code on the targeted system.
Multiple stored XSS vulnerabilities were discovered in WSO2 Carbon and WSO2 Dashboard Server. The vulnerabilities allow an attacker to inject malicious JavaScript code into the application, which is then executed in the browser of the victim when the application is accessed. The malicious code can be used to steal session cookies, hijack user sessions, redirect users to malicious websites, or perform other malicious actions.
This vulnerability allows an attacker to cause an info leak in image inflation. It occasionally crashes when rendered, otherwise it displays uninitialized memory as pixels. To reproduce, put the attached images on a webserver and vist: http://127.0.0.1?img=inflate.png.
The attached fuzzed swf file causes heap or stack corruption (depending on platform) when rendering a slab. This PoC crashes a little bit unreliably, it is the most reliable in the standalone Flash player and Microsoft Edge.
This PoC causes a heap overflow when playing a sound in a fuzzed swf file. It is most reliable in the standalone Flash player and Microsoft Edge.
Microsoft Internet Explorer (Win 10) is vulnerable to a Denial of Service (DoS) attack due to a null pointer de-reference (read) when MSIE encounters an specially crafted HTML HREF tag containing an empty reference for certain Windows file types. Upon IE crash it will at times daringly attempt to restart itself, if that occurs and user is prompted by IE to restore their browser session, then selecting this option so far in my tests has shown to repeat the crash all over again. This can be leveraged by visiting a hostile webpage or link to crash an end users MSIE browser. Referencing some of the following extensions .exe:, .com:, .pif:, .bat: and .scr: should produce the same.
Services By CQR