This exploit allows an attacker to upload malicious files to the Seditio and Ldu CMS websites. The attacker needs to register on the victim's website and then upload the evil script through the 'pfs.php' page. The evil script can be in the form of a .php.gif, .php.jpg, or .php.png file.
The handler of the 0x120007 IOCTL in nsiproxy.sys discloses portions of uninitialized pool memory to user-mode clients. This is likely due to output structure alignment holes. The bug manifests itself through a call to the undocumented NSI!NsiGetParameter userland function.
AIX ftp Local Root Exploit by qaaz.
There is a buffer overflow in the log viewer/parser of FTPGetter. When a malicious FTP server returns a long 331 response, the SEH overwrite produced is exploitable. There are many bad characters, so I had to ASCII-encode everything. My PoC runs code to launch a command shell. Also note the time of day is displayed in the log viewer, which will change the length of the buffer needed. Just adjust your sled accordingly.
This exploit bypasses Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) using the ASM.JS JIT Spray technique. It targets Firefox version 50.0.1 and exploits a vulnerability (CVE-2016-9079) in the Tor Browser.
This exploit allows an attacker to escalate their privileges to root on IBM AIX versions up to 5.3 sp6. It takes advantage of a vulnerability in the AIX pioout command.
This vulnerability allows a low-privilege user to escalate to an administrative user via a bug within the Viewfinity "add printer" option.
The software transmits sensitive data using double Base64 encoding for the 'auth_token' cookie over a communication channel that can be sniffed by unauthorized actors. The token can also be read directly from the vxcore log file using a directory traversal attack, resulting in authentication bypass / session hijacking.
The Pelco VideoXpert Core Admin Portal is vulnerable to directory traversal, allowing an unauthenticated attacker to view arbitrary files within the context of the web server.
The affected cameras suffer from an authenticated remote code execution vulnerability. The POST parameter 'enable_leds', handled in the update() function called via the GeneralSetupController.php script, is not properly sanitised before being used in the writeLedConfig() function to set the LED state to on or off. A remote attacker can exploit this issue with a specially crafted request containing an escape sequence to the system shell, executing arbitrary system commands and gaining system access with root privileges.