1337day-Exploits

Tigase XMPP server suffers from a security vulnerability due to not escaping double quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza in the XMPP server's output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client (including the control stanzas that are only meant to be sent by the server). View the full article

ChromeOS uses usbguard when the screen is locked but appears to suffer from bypass issues. View the full article

qdPM version 9.1 authenticated remote code execution exploit that leverages a path traversal. View the full article

The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITY\SYSTEM. This module uses the MS-RPRN vector which requires the Print Spooler service to be running. View the full article

Online Fire Reporting System version 1.0 suffers from a remote SQL injection vulnerability. View the full article

CLink Office version 2.0 anti-spam management console suffers from a remote SQL injection vulnerability. View the full article

This report describes a vulnerability chain that enables a malicious user to compromise another user over Zoom chat. User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol. Initial vulnerability (labeled XMPP Stanza Smuggling) abuses parsing inconsistencies between XML parsers on Zoom's client and server in order to be able to "smuggle" arbitrary XMPP stanzas to the victim client. From there, by sending a specially crafted control stanza, the attacker can force the victim client to connect to a malicious server, thus turning this primitive into a man-in-the-middle attack. Finally, by intercepting/modifying client update requests/responses, the victim client downloads and executes a malicious update, resulting in arbitrary code execution. A client downgrade attack is utilized to bypass signature check on the update installer. This attack has been demonstrated against the latest (5.9.3) client running on Windows 64-bit, however some or all parts of the chain are likely applicable to other platforms. View the full article

iTop versions prior to 2.7.5 authenticated remote command execution exploit. View the full article

m1k1o's Blog versions 1.3 and below suffer from an authenticated remote code execution vulnerability. View the full article

Blockchain FiatExchanger version 2.2.1 suffers from a remote blind SQL injection vulnerability. View the full article

Blockchain AltExchanger version 1.2.1 suffers from multiple remote SQL injection vulnerabilities. View the full article

OpenCart Newsletter module version 3.0.2.0 suffers from a remote blind SQL injection vulnerability. View the full article

Linux usbnet code tells minidrivers to unbind while netdev is still up, causing use-after-free conditions. View the full article

The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities. Multiple SAP products are affected. View the full article

LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability. View the full article