Advantech iView software versions prior to 5.7.04.6469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint. The database backup functionality passes a user-controlled parameter, backup_file to the mysqldump command. The sanitization functionality only tests for SQL injection attempts and directory traversal, so leveraging the -r and -w mysqldump flags permits exploitation. The command injection vulnerability is used to write a payload on the target and achieve remote code execution as NT AUTHORITY\SYSTEM.
23eb648158fbc4d29b6a4548a4494b101e1715cad07dd93ecd76726409d9069dUbuntu Security Notice 5570-1 - Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.
633b92af147a1739d4a4962c2ea0be171beb06a16ace9652f8d22cbc627f27e6Polar Flow for Android version 5.7.1 stores the username and password in clear text in a file on mobile devices.
534a0fb256871c4890c13c7c9eff7a99819ffd05819971ead460bbca15cc9fb0FreeBSD versions 11.0 through 13.0 suffers from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed the logic flow and achieved exploitability.
326b5e8f7907c92be98ab7e3ac35bb7766ebdf09bf20a0f1659fef3debf9aa56
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed