appRain CMF 4.0.5 allows remote attackers to execute arbitrary code via an authenticated user uploading a crafted file containing PHP code.
This is a proof of concept exploit for crashing jetAudio 8.1.3 Basic using a corrupted mp3 file. When the file is opened with jetAudio, it triggers an access violation exception, causing the application to crash.
Multiple vulnerabilities exist in Simple Job Script. These include SQL injection vulnerabilities in the 'landing_location', 'job_id', 'employerid', and 'app_id' parameters, as well as an XSS vulnerability in the 'job_type_value[]' parameter.
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. The product sets weak access control restrictions, as permissions are set to Full Control for the Everyone group. This can allow low-integrity malware to replace ScanGuard executables.
This exploit allows an attacker to gain access to the FS-S3900-24T4S device by using the telnet protocol. The attacker can use the guest credentials to log in and then use the enable command with the super password to gain access to the device. The attacker can then configure the device to create a new user with admin privileges and no password.
I have discovered a vulnerability in Clickheat 1.13 onwards that would allow an attacker to execute arbitrary commands on the remote webserver, in the context of the user running the webserver, without authentication. This could lead to unauthenticated access to the Clickheat web application, and potentially complete takeover of the remote webserver. For the exploit to be successful, the webserver (Apache was tested in this case) must be configured to handle Perl (.pl) scripts and have the ExecCGI directive present in the VirtualHost configuration. The issue stems from a script called parseClickLogs.pl in the /scripts directory of Clickheat. If the Apache configuration is set up as above, this script will be executed when a user visits /clickheat/scripts/parseClickLogs.pl, as shown in Apache logs. Arbitrary parameters can be supplied to the script directly from the URL, separated by +'s. On line 48 of the script is a vulnerable open() command.
A buffer overflow vulnerability exists in the GdiDrawStream function of win32k.sys when handling a specially crafted HTML page. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user.
Multiple .bed files are vulnerable to buffer overflows in the GOG.com copy of FlatOut. An exception offset of 61616161 can be used to overwrite the original playlist_0.bed file in %program files%\GOG.com\FlatOut\data\music and launch flatout.exe, resulting in a crash.
A vulnerability in BlueZone Desktop allows a local attacker to cause a denial of service by creating a specially crafted .zmd file. The vulnerability is due to an error when handling a specially crafted .zmd file. An attacker can exploit this vulnerability by creating a specially crafted .zmd file and convincing a user to open it with bzmd.exe. Successful exploitation will cause the application to crash.
A maliciously crafted .zap file can cause a denial of service when opened with bzap.exe. The file contains a header of 'BZAP200BK' followed by 20 'A' characters.