This vulnerability was found during a pentest. It is quite rare and worth sharing.
A simple stored XSS was found in the WordPress Profile Builder plugin, version 5.2.7 and below
We discovered the vulnerability while we were looking for alternative network monitoring software. We know and love Nagios, and likewise Centreon, which provides a very nice interface to Nagios. Centreon provides nice features and ease of use when you're dealing with network monitoring. The backend system is still Nagios, but the interface is totally different. You can view more features of Centreon here.
The vulnerability works like a common DLL hijacking technique, in which an attacker can "introduce" his/her own DLL to be loaded by the vulnerable software. But in this case, it becomes more interesting. Since PCMAV is made to be portable, users can use PCMAV without installation, which of course makes it easier for the users.
SmadAV antivirus 9.1 is susceptible to null pointer exploitation. The application does not properly filter the scanner input that is processed by smadengine.dll. Successful exploitation of this vulnerability could potentially result in a crash of the application, since it will refer to a null pointer, EAX = 0000000
Trend Micro Control Manager prior to version 5.5 build 1823 (English and Japanese version) and version 6 build 1449 (English version only) is susceptible to SQL injection. The application does not properly filter user-supplied input. Successful exploitation of this vulnerability could potentially result in arbitrary SQL command input to the back-end database, such as executing SQL commands to upload and execute arbitrary code against the target system