Micro Focus VisiBroker C++ version 8.5 SP2 suffers from multiple memory corruption vulnerabilities.
20d06be514a3c5e7552eac8487a7e2ef90f88d1a1ad22ca6b61679bef1d32ed1Webmin version 1.850 suffers from server side request forgery, cross site request forgery, and cross site scripting vulnerabilities, the last of which can lead to remote command execution.
d11573ef8f901da4b1c7a343b9844592c00e8cb689d9d4a889cdc4549e895f61WordPress Influencer Marketing and Press Release System plugin version 2.2 suffers from a cross site scripting vulnerability.
39c521eb50ba77a7bc8850419d4f5955419cdccad20c6e741de0dfe4a75d5f80Microsoft Edge Chakra accesses uninitialized pointers in StackScriptFunction::BoxState::Box.
c3dd2ea0e712669479d2aa22890d91c996500f2404810f48866a0657a23d0993The "String.prototype.replace" method can be inlined in the JIT process. So in the method, all the calls which may break the JIT assumptions must be invoked with updating "ImplicitCallFlags". But "RegexHelper::StringReplace" calls the replace function without updating the flag. Therefore it fails to detect if a user function was called.
6c4259839de11f0d96f33fa01fc2246725c92d13a8e640c34e3ea19ed893ffcdMicrosoft Edge Chakra JIT compiler creates incorrect GenerateBailOut calling patterns.
c3a94eb581652bd3601d89fe9f3bccfc65bf2f5b30dccc9db74b9516daac3bfcThe enlightened lockdown policy check for COM Class instantiation can be bypassed in MSHTML hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).
9712057287ac930a735ce61231cfc9d8ca34030fa8ad189ecf196bc27cdeabe2Shadowsocks-libev version 3.1.0 suffers from a remote command execution vulnerability.
8aa4d9bfa1fdc7daf2bf705d5487612abef1c1807139246be24fa5f0b84b9113Several issues have been identified, which allow attackers to manipulate log files, execute commands and to brute force Shadowsocks with enabled autoban.py brute force detection. Brute force detection from autoban.py does not work with suggested tail command. The key of captured Shadowsocks traffic can be brute forced. The latest commit 2ab8c6b on Sep 6, 2017 is affected.
c64eed8300f6f6714169306d2895cc8ef0dff3acc98056115f385ce1201d0c24AlienVault USM version 5.4.2 suffers from a cross site request forgery vulnerability.
b5e6ee31b1a3e5fd0aa449ccfe7c7f88fc5ec5d1636f74a41f4ea05671f70da8Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of the PUT_FILE RPC command which allows any authenticated user to hijack arbitrary file from the Content Server filesystem. Because some files on the Content Server filesystem are security-sensitive this security flaw leads to privilege escalation.
782b07d542a51cfa91ec48aaeb81da9325c12c927c3fc47bd2cfa87f5e741c19Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows any authenticated user the ability to replace content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.
ac7c57e364c48ad77e9244ef5c906a10bfe022c7af7f5697dd095c5d81ee4d9cOpentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows authenticated user to download arbitrary content files regardless of the attacker's repository permissions.
24c6a20d38acd4191fcc54a1c86e6f583c30b30ff4b31be01f81bdcfb2155a80Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) allows for privilege escalation via traversal attacks leveraged through uploaded tar files.
8f058be0fbb3dae75f3313418482761ee598bb48de892ffce1875c79cccba63dQuick CMS version 6.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
371be15379da1b62d2f4126e6db0e1ca97f1896e78e829c5940d7d7753c20932DuckieTV CMS version 1.1.5 suffers from a local file inclusion vulnerability.
b8bb368f6c62fc060f1f6bbfef281f4bddad8964dffbdb9d6ebe0ae4c4f287b3E-Sic Software livre CMS version 1.0 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.
fd9acdc881cdf1892c664ffcfe05896106baae015910fa71fedc474e208d0908phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulnerability where an attacker can embed malicious script code in the title of the faq.
2886abf85bb7d159d238a029d4735a38ee38240d0de808755f12e5f6b44da496There exists an unauthenticated SEH based vulnerability in the HTTP server of Sync Breeze Enterprise version 10.1.16, when sending a GET request with an excessive length it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. The SEH record is overwritten with a "POP,POP,RET" pointer from the application library libspp.dll. This exploit has been successfully tested on Windows XP, 7 and 10 (x86->x64). It should work against all versions of Windows and service packs.
cd660cfe17078fd46a1bde16db1b2e75840ec80024327923f3e6be7f8c826dfdTypo3 Restler extension version 1.7.0 suffers from a local file disclosure vulnerability.
3c8e62bce4fc30f456f7759aae37fe45e2da7b299b434553064137518ad99c14The BouquetEditor plugin for Dreambox 2.0.0 suffers from a cross site scripting vulnerability.
925ea65626e3e1477d516b5b0859d7e5dcbef48a3eaf357b0e370696aaf359c4PHP Melody version 2.7.3 suffers from cross site scripting and SQL injection vulnerabilities.
5614049b822636ce667292c3cab2231cc4225e1397f912386bf5a79eb8d44faaThis Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by abusing the way "WinSxS" works in Windows systems. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three separate binaries in the standard technique. However, it requires the correct architecture to be selected, (use x64 for SYSWOW64 systems also).
8cd31ba17bb756dff503d85ed7cfa7ac81b9cff23d1bb0cb3ec38c54ca1c4696This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. Trend Micro IMSVA product have widget feature which is implemented with PHP. Insecurely configured web server exposes diagnostic.log file, which leads to an extraction of JSESSIONID value from administrator session. Proxy.php files under the mod TMCSS folder takes multiple parameter but the process does not properly validate a user-supplied string before using it to execute a system call. Due to combination of these vulnerabilities, unauthenticated users can execute a terminal command under the context of the web server user.
a28a0e405c43d1d9d228e28261a5e904e2adcd99280b5dee750ba1116cc84e02This Metasploit module uploads a jsp payload and executes it.
1bcd8522a629c51e6deae61cfca749f33b5097c339c0e8c1ae355f14834964cb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed