There is a SQL injection vulnerability in the /viewtopic.php file. The variable $topic_id is directly passed to the SQL server in a query. An attacker can pass a special SQL string to view the MD5 password hash for any user in phpBB. This password can then be used for autologin or cracked using tools like John the Ripper.
The vulnerability allows an attacker to inject SQL commands.
Asterisk is prone to a remote, unauthenticated memory exhaustion vulnerability. The vulnerability is due to an error when the vulnerable application handles a crafted SCCP packet. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.
This vulnerability allows QuickTime media formats to execute arbitrary code in Firefox, potentially leading to a full compromise of the browser and underlying operating system. The exploit uses a specially crafted embed element in an XML file to execute a JavaScript command that launches the Windows calculator (calc.exe).
The vulnerability allows remote attackers to cause a heap overflow and obtain information from affected devices. The vulnerability exists in the CGI_decode function in /usr/lib/libcgiparser.so, which handles URL decoding of '%xx'. By supplying a single '%', the function tries to decode [% + NULL + Next char], resulting in a longer string than expected. This can lead to information leakage and potential exploitation.
This exploit allows an attacker to execute remote commands on a Geovision Inc. IP Camera & Video Server. It includes several methods, such as popping a stunnel TLSv1 reverse root shell, dumping all settings of remote IPC with login/password in cleartext, and using GeoToken PoC to login and download /etc/shadow via generated token symlink.
This exploit targets a buffer overflow vulnerability in Microsoft SQL Server Distributed Management Objects. It allows remote attackers to execute arbitrary code via a crafted HTML document.
The default DACL for the filter communication port is overridden, allowing everyone to connect to the port. Once connected to the port, the driver automatically registers the process as trusted. This allows the process to issue IOCTL codes that could not be sent otherwise, e.g. disabling real-time protection, writing to the raw disk, or opening full-access handles to processes.
This module exploits SMB vulnerabilities in MS17-010 to achieve a write-what-where primitive. This primitive is then used to overwrite the connection session information so that the session is treated as an Administrator session. From there, the normal psexec payload code execution is performed. It exploits a type confusion between Transaction and WriteAndX requests and a race condition in Transaction requests, as seen in the EternalRomance, EternalChampion, and EternalSynergy exploits. This exploit chain is more reliable than the EternalBlue exploit, but requires a named pipe.
A flaw in the profile section of Online Voting System allows an unauthenticated user to set an arbitrary password for accounts registered in the application. The application does not check the validity of the session cookie and updates the password and other fields of a user based on an incremental identifier, without requiring the current valid password for the target account.