ServiceNow suffered from having an insecure access control that could lead to full administrative compromise. The associated link has a proof of concept.
1ba72d97e5b5609910fcc6b7107bef5cb14d772f105f4a4b5e856f37da0c93f2PrinterLogic build version 1.0.757 suffers from authentication bypass, cross site request forgery, cross site scripting, session fixation, insufficient checks, impersonation, remote SQL injection, and various other vulnerabilities.
1631d9ea880d645fa96e60ab35dadd9fa31ea602fc8d3ea5528a7418cc9cfc0bSeveral PHP compatibility libraries contain a potential remote code execution flaw in their json_decode() function based on having copy pasted existing vulnerable code. Affected components include the WassUp Realtime analytics WordPress plugin, AjaXplorer Core, and more.
15c734bb46c83c88ca1f44b832953d3f324999fb6a6e5fa2aaf519830ded1198Sabberworm PHP CSS parser suffers from a code injection vulnerability. Many versions are affected.
cbff4c11162bd6a8c86cb798bce9beeaaea906f988d1e1211fcc87823ed3acb5HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a privileged command injection vulnerability.
14f2502cce1f48d90d5604ec27b5fd00b49d92dca7461a8a5b30b18ade28ee1fHP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a Citrix receiver connection wrapper command injection vulnerability.
eb4c697a97d752e546087c1c92f72f5ac8c5d658671e63bf3352ddfb5a13cb26HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a local privilege escalation vulnerability.
7f1293575b0e76de415de2ab20c4993ec2addd8fcc7cbbb76e519c22ef4b967dHP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from an application filter bypass vulnerability.
99ae4d99639a753124299498c99f9195e518195f8a8f6da78f571fd9c30371c5HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a local physical access information disclosure vulnerability.
64f3925e91a779a52ebd3d1823441c27cdb0af76a86d87a223161adc1862bbedThis Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqli_escape_real_string() function, which permits backticks. These parameters are used as part of a shell command that gets executed via the passthru() function, which can result in code execution.
e40f291b536ddb530c9c679f17c98644fcd1bd9ef0a75a355c8b3a8fc1d135c0The IDAL HTTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server. The IDAL HTTP server does not safely handle username or cookie strings during the authentication process. Attempting to authenticate with the username "%25s%25p%25x%25n" will crash the server. Sending "%08x.AAAA.%08x.%08x" will log memory content from the stack.
2710131973cb651b312b3b4490bb6638b5ec8ddf6b94183de3c0860cb2228091The IDAL HTTP server is vulnerable to a stack-based buffer overflow when receiving a large host header in a HTTP request. The host header value overflows a buffer and overwrites the Structured Exception Handler (SEH) address with a larger buffer. An unauthenticated attacker can send a Host header value of 2047 bytes or more to overflow the host headers and overwrite the SEH address which can then be leveraged to execute attacker controlled code on the server.
2421624e7ad840181ca84c4621cdcea0f08c090f97ea23834ea7b42bf7a3e813The IDAL HTTP server CGI interface contains a URL, which allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. In the IDAL CGI interface, there is a URL (/cgi/loginDefaultUser), which will create a session in an authenticated state and return the session ID along with the username and plaintext password of the user. An attacker can then login with the provided credentials or supply the string 'IDALToken=......' in a cookie which will allow them to perform privileged operations such as restarting the service with /cgi/restart.
2617e6ac047295c7fb8c7aca613dea0e8f19f61ec746d1002bff8329b0e82b21The IDAL FTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server.
97f45ac950dcf506a57f347833ae16de5edfa742a6d69f781cb6a6095d7d3ef0The IDAL FTP server fails to ensure that directory change requests do not change to locations outside of the FTP servers root directory. An authenticated attacker can simply traverse outside the server root directory by changing the directory with "cd ..". An authenticated attacker can traverse to arbitrary directories on the hard disk and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.
00c2ac3a1ecb33776d1003c082f02f6355b49f02e6dd423c518718f20b434e76The IDAL FTP server is vulnerable to a buffer overflow where a large string is sent by an authenticated attacker that causes a buffer overflow. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer causing an exception that terminates the server. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker.
e9908b2bf53d554da934fea45c01279a24ea790f35632602c380884910cf6d18Mpay24 Payment Module versions 1.5 and below suffer from information disclosure and remote SQL injection vulnerabilities.
d66f449493790a1e98ef90672f5ab7b9b5deff6e10cb67a05b35be7af45b6a95
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed