Directory Traversal vulnerability in Joomla! Component Picture Calendar for Joomla 3.1.4 allows an attacker to access arbitrary files and directories via a ../ (dot dot slash) in the folder parameter.
LabF nfsAxe v3.7 is vulnerable to a local buffer overflow when handling a specially crafted TFTP 'Input Directory' parameter. This can be exploited to execute arbitrary code by corrupting the stack.
This exploit targets a privilege escalation vulnerability in System Shield AntiVirus & AntiSpyware. It allows an attacker to gain SYSTEM privileges by exploiting a vulnerability in the SetKernelObjectSecurity function. The vulnerability is caused by a lack of proper validation of the DACL_SECURITY_INFORMATION parameter, which allows an attacker to write arbitrary data to the MSIEXECKEY registry key and thereby gain SYSTEM privileges.
Advantech WebAccess BWSCADARest Login Method is vulnerable to SQL Injection Authentication Bypass. An attacker can exploit this vulnerability to bypass authentication and gain access to the application. This vulnerability affects Advantech WebAccess 8.0-2015.08.16 and earlier versions.
Chris Lyne (@lynerc) discovered a vulnerability in HPE iMC PLAT v7.3 (E0504) Standard, which allows remote attackers to execute arbitrary code via a crafted serialized Java object to the RMI service. This PoC will launch calc.exe.
This exploit is used to gain root privileges on Arq <= 5.10. It works by exploiting a vulnerability in the Arq Agent application, which is used to perform auto-updates. The exploit involves copying the Arq application to a user's home directory, compiling a payload, backing up the original files, and then installing the payload. Once the payload is installed, the exploit is triggered by opening the Arq Agent application, which will then execute the payload and gain root privileges.
A CSRF vulnerability was discovered in KeystoneJS 4.0.0 which allows an attacker to bypass the CSRF protection and create a new user. The vulnerability exists due to the lack of CSRF protection for the /keystone/api/users/create endpoint. An attacker can craft a malicious HTML page and trick a logged-in user into submitting the form, resulting in a new user being created.
The vulnerability is that dlp_policy_upload.cgi allows the upload of a zip file, stored at the static location /var/dlp_policy.zip. The problem is that we can then get that file extracted using admin_dlp.cgi. It gets extracted into 2 locations: /eng_ptn_stores/prod/sensorSDK/data/ and /eng_ptn_stores/prod/sensorSDK/backup_pol/. We can then use symlinks to craft a symlink that points to /opt/TrendMicro/MinorityReport/bin/. This is a clever trick: basically, we can't traverse since unzip checks for ../ (even though the spec says it's OK). We can still exploit this, however, by extracting a symlink to, say, a directory and then writing into that directory.
A cross-site request forgery web vulnerability has been discovered in the official Netis-WF2419 Router. The vulnerability allows remote attackers to manipulate client-side web-application-to-browser requests to compromise the router by executing system-specific functions without session protection. A remote attacker is able to delete the Address Reservation List settings of the Netis Router with cross-site request forgery HTML script code. The vulnerability can be exploited by loading embedded HTML code in a site or page. The issue can also be exploited by attackers to externally redirect a user account to malicious web pages. The issue requires medium user interaction in case of exploitation. The request method to execute is GET and the attack vector is located on the client side of the router firmware.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept: http://localhost/[PATH]/product-list.php?srch=[SQL] %73%66%64%27%29%20%20%2f%2a%21%30%38%38%38%38%55%4e%49%4f%4e%2a%2f%28%2f%2a%21%30%38%38%38%38%53%45%4c%45%43%54%2a%2f%20%28%31%29%2c%28%32%29%2c%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%28%34%29%29%2d%2d%20%2d