The Joomla! Component Micro Deal Factory version 2.4.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting SQL code into the 'id' parameter of various URLs, potentially gaining unauthorized access to the database.
The vulnerability can be triggered by using one computer to create a filesystem on a USB key (or other removable media), then editing its filesystem label to include a bunch of %n's, removing and inserting the media into another computer running udisks2 <=2.8.0. This binary runs as root, and if exploited in that capacity could potentially allow full compromise. This will cause a denial of service, crashing udisks2 and not letting it restart (or until /var/lib/udisks2/mounted-fs is removed and the system is restarted). This keeps the system from automounting things like USB drives and CDs. The vulnerability -may- be exploitable beyond a DoS by crafting a format string exploit and putting it in the label of the drive. I tried to exploit it for a couple of days but cannot find a filesystem with a lengthy enough label to be able to fit the exploit and spawn a root shell, as the smallest shellcode I could make was around 50 characters, and the longest filesystem labels I could find are limited to 32 characters.
The vulnerability allows an attacker to include arbitrary files from a remote server, which can lead to remote code execution or information disclosure.
Any user can read files from the TV, without authentication due to an existing LFI in the following path: http://SuperSign_IP:9080/signEzUI/playlist/edit/upload/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd
This bug allows for local or remote file inclusion in the Wechat Broadcast plugin for WordPress. The vulnerability can be exploited by using the version 1.0 of the HTTP protocol to interact with the application. The specific file affected is /wechat-broadcast/wechat/Image.php, where the 'url' parameter is not properly sanitized.
A number of registry system calls do not correctly handle pre-defined keys resulting in a double dereference which can lead to EoP.
This module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library (libnspr) on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the `NSPR_LOG_FILE` environment variable. The log file is created with the privileges of the running process, resulting in privilege escalation when used in combination with a SUID executable. This module writes a shared object to the trusted library directory `/usr/lib/secure` and runs the specified SUID binary with the shared object loaded using the `LD_LIBRARY_PATH` environment variable. This module has been tested successfully with libnspr version 4.5.1 on Solaris 10u1 (01/06) (x86) and Solaris 10u2 (06/06) (x86).
When object header inlining is deoptimized, the type handler of the object is converted to a dictionary type handler. The problem is that it doesn't consider some attributes that dictionary type handlers don't have, so adding or removing those attributes can fail. ObjectSlotAttr_Accessor which indicates that the property is an accessor is one of them.
The PHPDJ v05 (page) is vulnerable to remote file inclusion. By exploiting this vulnerability, an attacker can include a malicious file from a remote server, which can lead to remote code execution or other attacks.
The Uplay desktop client does not properly validate user-controlled data passed to its custom uplay URI protocol handler. This flaw can be used to exploit the Chromium Embedded Framework (CEF) integrated within the Uplay client, allowing for arbitrary code execution.
Services By CQR