The default error page in Spring Boot (also know as "Whitelabel Error Page"), when a type error is detected in a parameter configured in a controller, will display the provided value. The page's rendering expands Spring Expression Language (SPEL) expressions found in the page, and it does so recursively. Because of this, a string containing an expression language provided as the value for an URL parameter may be evaluated server side while rendering the page if it's from a different type to the expected for said parameter. The "Whitelabel Error Page" is provided by default, but it can be customized. This attack has only been tested with the default error page. In particular, if SPEL is not used a the templating language for another page, or if the page doesn't print the exception due to type mismatch, the attack is not possible.
An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie. The newline acts as a command separator to the xauth binary. The injected xauth commands are performed with the effective permissions of the logged in user. This attack requires the server to have 'X11Forwarding yes' enabled. This module injects source xauth command to retrieve arbitrary files.
Jenkins is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the XStream Java library. By exploiting known methods, it is possible to remotely load a ProcessBuilder Java class, which allows the execution of system commands.
Exim installations compiled with Perl support do not perform sanitation of the environment before loading a perl script defined with perl_startup setting in exim config file. This can be exploited by malicious local attackers to gain root privileges.
This module exploits a SQL Injection vulnerability in Joomla which allows gathering of users and password hashes by parsing SQL output errors
The join_session_keyring() function in security/keys/process_keys.c in the Linux kernel is prone to a reference counter overflow that occurs when a process repeatedly tries to join an already existing keyring. This vulnerability can be leveraged by local unprivileged attackers to gain root privileges on the affected systems.
An OS Command Injection vulnerability exists in the "Landing Pages" plugin for WordPress. This module verifies the vulnerability and provides a OS Command Inection Agent.
The EnableNetwork method in the org.blueman.Mechanism D-Bus service of Blueman, a Bluetooth Manager, receives untrusted Python code provided by unprivileged users and evaluates it as root. This can be leveraged by a local unprivileged attacker to gain root privileges.
This module exploits a vulnerability in Linux. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
The default Jenkins configuration allows to execute groovy scripts without being authenticated.
Pagination
- Previous page
- Page 24
- Next page