In ProConf version before 6.1, an Insecure Direct Object Reference (IDOR) vulnerability exists. This vulnerability allows any author to access and retrieve all submitted papers including titles, abstracts, and personal information of authors (such as Name, Email, Organization, and Position) by manipulating the Paper ID parameter.
The Microsoft library-ms file format was found to have an NTLM hash disclosure vulnerability, where sensitive information could be exposed. Initially considered not severe by MSRC in 2018, it was later acknowledged by Microsoft and assigned CVE-2025-24054 in 2025. This vulnerability allows remote attackers to access sensitive information.
The vulnerability allows an attacker to create references to BPF programs, which can overflow the 32-bit reference counters in the kernel. By filling approximately 32GB of memory, the overflow can occur, subject to RLIMIT_MEMLOCK restrictions. This can lead to a kernel paging request error and potentially cause a system crash or instability.
This exploit targets a vulnerability in Spring Data REST that allows remote code execution (RCE) through malicious PATCH requests. The vulnerability affects Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1). By exploiting this vulnerability, an attacker can execute arbitrary code on the server.
This exploit takes advantage of a buffer overflow vulnerability in Allok Video Converter. By exploiting this vulnerability, an attacker can open the calculator application on the target system.
The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.
Multiple vulnerabilities were identified in the Pictview image processing library embedded by the Toolkit and signed by ActivePDF. They could allow remote attackers to compromise applications relying on the Toolkit to process untrusted images.
Network Time System (Server) "NTSServerSvc" service listens on Port 7001, unauthenticated remote attackers can crash the Server by sending exactly 11 bytes to the target system. Systems which may depend on critical time synchronization could then potentially be impacted.
The Web Interface of the Bravo Tejari procurement portal does not use random tokens to block any kind of forged requests. An attacker can take advantage of this scenario and create a forged request to edit user account details like name, address of the company/individual, email address etc. He then uses social engineering techniques to target specific individuals whose account details he would like to change. He simply sends the link and tricks the user into clicking the forged http request. The request is executed and user account details are changed without his knowledge.
This exploit is a local buffer overflow in Dup Scout Enterprise version 10.5.12. By generating a specific file and copying its contents to the clipboard, an attacker can execute arbitrary code and potentially gain control of the affected system. The exploit has been tested on Windows 7 x86.
Services By CQR