A path traversal vulnerability was discovered in the Huawei HedEx Lite v200R006C00SPC005. Attackers can request local files or resources by remotely requesting to unauthorized change a local path.
The 'sid' parameter in Dup Scout Enterprise 10.0.18 is vulnerable to a remote buffer overflow. By sending a specially crafted request to the server, an attacker can overflow the buffer and potentially execute arbitrary code on the target system.
SmarterMail before build 6985 provides a .NET remoting endpoint which is vulnerable to a .NET deserialization attack.
The Microsoft GamingServices version 2.47.10001.0 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to gain escalated privileges by placing a malicious executable in a directory with a space in its name, which is not properly quoted in the service's path. This can lead to the execution of arbitrary code with elevated privileges.
Druva inSync exposes an RPC service which is vulnerable to a command injection attack.
The Canto plugin 1.3.0 for WordPress contains Blind SSRF Vulnerabilities. It allows an unauthenticated attacker to make a request to any Internal and External Server via 'subdomain' parameter.
The vulnerability exists in the 'Field Name' parameter of the Invision Community admin page. By injecting a malicious payload into the 'Field Name' parameter, an attacker can trigger a cross-site scripting (XSS) attack.
This vulnerability allows an attacker to inject XSS payload in the 'Title' field of the Add Forum section. When an admin visits the View Detail of the Forum section from the admin panel, the XSS payload triggers and the attacker can steal the cookie with the crafted payload.
This exploit targets the PTZCamPanelCtrl object class in the CamPanel.dll version 2.1.0.2 of RTS Sentry Digital Surveillance. It allows for remote buffer overflow, specifically on Internet Explorer 7 running on Windows XP SP2. The exploit can be accessed through the following camera demo: http://www.rtssentry.com/index.asp?PageAction=Custom&ID=10.
This exploit allows an attacker to elevate their privileges on a Microsoft Windows system through the Win32k component. By exploiting this vulnerability, an attacker can execute arbitrary code with elevated privileges.
Services By CQR