Tigase XMPP server suffers from a security vulnerability due to not escaping double quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza in the XMPP server's output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client (including the control stanzas that are only meant to be sent by the server).
80c339179764f04e39876070e482957638cbcf822ccdb04b5cc72ea035585e1eChromeOS uses usbguard when the screen is locked but appears to suffer from bypass issues.
686e2d50596cc3cee3dd66e0fc5f2a715094be5a79c099a547c49d3457af1129qdPM version 9.1 authenticated remote code execution exploit that leverages a path traversal.
3232c57ac453b2620e024f66156e77f94a31f69956a38912a194df206d7de228The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITY\SYSTEM. This module uses the MS-RPRN vector which requires the Print Spooler service to be running.
1720ad267b345d6b91409cdb01c0ab129fc9f485ac71c4c4a816698bd6351239Online Fire Reporting System version 1.0 suffers from a remote SQL injection vulnerability.
b1c3fcc5f6290ffd9b90335d1c772770c479498cbb069b16a94b8cc5ac381565CLink Office version 2.0 anti-spam management console suffers from a remote SQL injection vulnerability.
9676058a709b31daa10982fa1a10ec1523f7cda27a0244b0cd46de826a9d9647This report describes a vulnerability chain that enables a malicious user to compromise another user over Zoom chat. User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol. Initial vulnerability (labeled XMPP Stanza Smuggling) abuses parsing inconsistencies between XML parsers on Zoom's client and server in order to be able to "smuggle" arbitrary XMPP stanzas to the victim client. From there, by sending a specially crafted control stanza, the attacker can force the victim client to connect to a malicious server, thus turning this primitive into a man-in-the-middle attack. Finally, by intercepting/modifying client update requests/responses, the victim client downloads and executes a malicious update, resulting in arbitrary code execution. A client downgrade attack is utilized to bypass signature check on the update installer. This attack has been demonstrated against the latest (5.9.3) client running on Windows 64-bit, however some or all parts of the chain are likely applicable to other platforms.
c5835f3651ef4f351fdd27038787c6bd633712398f3562132cf3224e2a0a5e16iTop versions prior to 2.7.5 authenticated remote command execution exploit.
a0b99a6ffb1e72f424f072c032f45fd3c9811762bc3e6fd6ab9132aafab59e6cm1k1o's Blog versions 1.3 and below suffer from an authenticated remote code execution vulnerability.
2b47e9371ac01f9cd3b2a32ec2b181b1cd6add45c1a4c22f0a31ba5ce0bfacb1Blockchain FiatExchanger version 2.2.1 suffers from a remote blind SQL injection vulnerability.
bd6447df12937c57076ad4d0d5107320b3c62fd6546ee327bfacdb2dac5e077eBlockchain AltExchanger version 1.2.1 suffers from multiple remote SQL injection vulnerabilities.
768082d75640db5a3a48bae35e88f8cd7a20a4fd520ce42edba1191185d3d76eOpenCart Newsletter module version 3.0.2.0 suffers from a remote blind SQL injection vulnerability.
805fd6ad0c574d69c71ad237235b343f1513bb540e8cf4ad999d729138a8ac9bLinux usbnet code tells minidrivers to unbind while netdev is still up, causing use-after-free conditions.
9cbdb1ccc149a355b2d267a848a75d3513d0e33cb89787801e49bf0110235f37The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities. Multiple SAP products are affected.
431dc815f86760913b7ea6a072291378a6fef4f738687bbc91541e8aa7a5a417LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability.
64fb0fffa85d330dbc47f539a594fa8fcad4c9362b419983c93474d08ba4e151PHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
050c77ae0f13a5b4247218de44f8bf133ca516aae7da4d73aba802231bdde893Emby Media Server version 4.7.0.60 suffers from a cross site scripting vulnerability.
256376262a49c057629921be5beec6fce54d72865c495c12b211bc4fb22ecfaaThanos ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.
5533b7c50594024a4e1314f9732abe9064dda34616ffe16430cdf34c04e4c992SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.
8860761838526038594fcc60341f30b6ce5d75e287ff95719536bb39ccf39c13Online Discussion Forum Site version 1.0 suffers from a remote blind SQL injection vulnerability.
4ee8e26b03aaab698cd44b2e3b37998f1e0a8d62d370fcb6c7a0fa3cfbbfada8Showdoc versions 2.10.3 and below suffer from a persistent cross site scripting vulnerability.
9794c5dc51ff960938f2de93bd6a7f9916dd3f208482681592b1d965acd7691aOpenCart So Listing Tabs component versions 2.2.0 and below suffer from a deserialization vulnerability that can allow for arbitrary file writes.
3bfd18c825f10a8abfe964c1ea209688517e067de8a3b9c084594fcd34b53d85T-Soft E-Commerce version 4 suffers from a remote SQL injection vulnerability.
45b5224650ea3cb883a0c405f3c4d76eef8cc2dbc8f3fb98282c4ea633d2e202T-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability.
a38f9872c25051fb5d40689975a5a643292512cac28208caeaa677228ed3e251Survey Sparrow Enterprise Survey Software 2022 suffers from a persistent cross site scripting vulnerability.
afd7b7d6dc71690c8e9b74e168637e22184d16b38d583b0e4f0fc7f27fe83aad
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed