ManageEngine OpManager version 12.3 suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of his choice. This service runs as Localsystem thus allowing for a privilege escalation vector.
ae204681482d49485787e2089822da443639ee41864f734ff4cdc933bed5841cGo Pro Fusion Studio version 1.2 suffers from a privilege escalation vulnerability.
54f08c391ceb310b302b0a6d69afa0f46da60dead416f9ec53d22072161f8948Sint Wind PI version 01.26.19 suffers from an authentication bypass vulnerability.
75a058c1e4408185eadda4db58ff7149ce94ba38afe34a983300dd97bb2d9801Alienware Command Center version 2.8.8.0 suffers from an unquoted search path issue impacting the service 'ioloenergybooster' for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
63f2538dadd62b01d9a1bdd72381e85972ffeb5361dcf205055e2e2870241cf9An unquoted service path vulnerability in Realtek 11n wireless LAN utility allow for privilege escalation.
8edd0b8e4145ca253b1c8218791fcccd4e50c65d89ec06e4fce246341f7908e6This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web Application Firewall (WAF) solutions: Incapsula and Cloudflare. This test was designed to bypass security controls in place, in any possible way, circumventing whatever filters they have. Given the rise in application-level attacks, the goal of the test was to provide IT managers of online businesses with a comparison of these WAFs against real-world threats in simulated real-world conditions.
049e90fe97f45591ee478a6bbbd1000e75975f5dbc47b2e1e89cfc59d6426fdcGLPI version 0.83.8 suffers from multiple error-based SQL injection vulnerabilities. Input passed via the POST parameter 'users_id_assign' in '/ajax/ticketassigninformation.php' script, POST parameter 'filename' in '/front/document.form.php' script, and POST parameter 'table' in 'glpi/ajax/comments.php' script is not properly sanitized before being used in SQL queries. This can be exploited by a malicious attacker to manipulate SQL queries by injecting arbitrary SQL code in the affected application.
d4ea648da5ce15f6a9a9ff70fced4a4c2d50218825a23a4be4c56ea5f0f90ee9GLPI version 0.83.7 suffers from a parameter traversal vulnerability that allows for arbitrary file access.
8c549c03c6d7b7e06618844943413d35622dfba90639b3c6ac5e75b5a16e3a25This document contains the results of a comparative penetration test conducted by a team of security specialists at Zero Science Lab against three 'leading' web application firewall solutions. The goal of the authors was to bypass security controls in place, in any way we can, circumventing whatever filters they have. This report also outlines the setup and configuration process, as well as a detailed security assessment.
b7ec360c41751b864d585550e59e6ce9daffa5990a1e4421486df42ffc283b61
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed