WhatsApp 2.18.31 and prior are affected. The application fails to properly filter user-supplied input and is prone to remote memory corruption. An attacker could exploit this vulnerability to remotely corrupt the memory of the application, forcing an unhandled exception in the context of the application that could potentially result in a denial-of-service condition and/or remote memory corruption.
TIBCO’s JasperReports (<=6.2.4, 6.3.0, 6.3.2-3, 6.4.0, 6.4.2, CE/ActiveMatrix BPM and Jaspersoft AWS with Multi-Tenancy/Reporting and Analytics for AWS <=6.4.2) is vulnerable to an authenticated file read and inclusion vulnerability by means of directory traversal. It is possible for an attacker, regardless of user permissions, to access or include files from within the filesystem hosting the application.
The vulnerability allows an attacker to include a remote file from a malicious server, potentially leading to remote code execution.
The exploited vulnerability is an arbitrary pointer dereference affecting the dwVarID field of the MIB_OPAQUE_QUERY structure. The dwVarID is used as a pointer to an array of functions, and the application does not check whether the pointer points outside the bounds of the array, allowing for remote code execution. This exploit is tested on Windows Server 2003 SP2 (ES) with the RRAS service enabled.
This exploit triggers a BSOD (Blue Screen of Death) by sending a specific IOCTL (Input/Output Control) request with the code 0x002220e0 to the driver 2345BdPcSafe.sys of the software 2345 Security Guard version 3.7. By exploiting this vulnerability, an attacker can cause a targeted system to crash and display the BSOD screen.
Mantis v1.1.3 and earlier are vulnerable to a post-authentication Remote Code Execution vulnerability in the sort parameter of the manage_proj_page.php page.
This vulnerability allows an attacker to include remote files on the server by manipulating the 'view' parameter in the 'forum.php' file. By providing a malicious file path in the 'view' parameter, an attacker can execute arbitrary code on the server.
GNU Wget is susceptible to a malicious web server injecting arbitrary cookies into the cookie jar file. Normally a website should not be able to set cookies for other domains. Due to insufficient input validation, GNU Wget can be tricked into storing arbitrary cookie values in the cookie jar file, bypassing this security restriction. An external attacker is able to inject arbitrary cookie values into the cookie jar file, adding new or replacing existing cookie values.
This is an exploit for the x86_64 Linux kernel ia32syscall emulation bug. It allows an attacker to escalate privileges and gain root access to the system. The exploit was discovered by Wojciech Purczynski.
This module exploits a chain of vulnerabilities in Palo Alto Networks products running PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using an authentication bypass flaw to exploit an XML injection issue, which is then abused to create an arbitrary directory, and finally gains root code execution by exploiting a vulnerable cron script. This module uses an initial reverse TLS callback to stage arbitrary payloads on the target appliance. The cron job used for the final payload runs every 15 minutes by default and exploitation can take up to 20 minutes.