
Explore Vulnerabilities


Explore all Exploits:

Username/Password Fields SQL Injection

The username/password fields in the application allow SQL queries to be executed. An attacker can use this vulnerability to extract sensitive information from the database or modify data. In this case, an example exploit is provided to change the admin's password to 'hacked'. Additional SQL queries are also mentioned to gather more information from the database.

Remote code execution in Raisecom xpon

This exploit allows remote attackers to execute arbitrary code on the Raisecom xpon device. By sending a specially crafted POST request to the /boaform/formPasswordSetup endpoint, an attacker can change the device's password and execute the 'reboot' command. This vulnerability has been assigned CVE-2019-7385.

Booked Scheduler v2.7.5 – Remote Command Execution

This module exploits a file upload vulnerability in Booked 2.7.5. In the 'Look and Feel' section of the management panel, the logo, favicon and CSS files can be modified. The upload fields enforce a file extension check except for the favicon field, so a file with any extension can be uploaded through the favicon field. The uploaded file is written to the main directory of the site under the name 'custom-favicon'. After uploading the PHP payload to the main directory, the exploit executes the payload and receives a shell.

Getting Read Permission through Type Confusion

This exploit demonstrates how to gain read permission through type confusion. It takes advantage of a vulnerability in the Chakra version 1_11_4. By manipulating the object properties and using a specific ArrayBuffer, the exploit sets up a read operation on a target ArrayBuffer.

Apple QuickTime 7.3 RTSP Response 0day Remote SEH Overwrite PoC Exploit

This is a proof-of-concept exploit for a remote SEH overwrite vulnerability in Apple QuickTime 7.3. The vulnerability allows an attacker to overwrite the Structured Exception Handling (SEH) chain, leading to arbitrary code execution.

Copy-On-Write Bug in XNU

The XNU kernel in macOS has a vulnerability that allows an attacker to exploit double reads in a destination process. This can be done by creating copy-on-write copies of data between processes using various interfaces, including out-of-line message descriptors in mach messages. The vulnerability occurs when the copied memory is not protected against modifications by the source process. The copy-on-write behavior also works with file mappings, which can lead to memory pages being evicted from the page cache and reloaded from the backing filesystem. If an attacker can mutate an on-disk file without informing the virtual management subsystem, it can lead to a security bug.

Out-of-bounds Read/Write in nf_nat_snmp_basic module

The nf_nat_snmp_basic module in the Linux kernel, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages. The module uses the kernel's ASN.1 infrastructure for decoding instead of an open-coded parser. However, two specific callbacks in nf_nat_snmp_basic.asn1, snmp_version() and snmp_helper(), can be invoked with insufficient input available, leading to out-of-bounds read and write vulnerabilities.

Heap-based Out-of-Bounds Read in tcpdump

Through fuzzing of network capture .pcap files, we have identified 16 crashes with unique stack traces in tcpdump. These crashes are caused by heap-based out-of-bounds memory reads. The crashes can be reproduced with the latest tcpdump source code from GitHub, compiled with AddressSanitizer.
