Explore Vulnerabilities

Explore all Exploits:

All-Dynamics Digital Signage System 2.0.2 – Cross-Site Request Forgery (Add Admin)

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

CodeMeter 6.60 – ‘CodeMeter.exe’ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path, undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

QlikView 12.50.20000.0 – ‘FTP Server Address’ Denial of Service (PoC)

This exploit allows an attacker to crash the QlikView 12.50.20000.0 software by sending a specially crafted FTP server address. By pasting a large buffer of 'A' characters into the 'FTP Server Address' field, the software crashes, resulting in a denial of service.

RTSP for iOS 1.0 – ‘IP Address’ Denial of Service (PoC)

The RTSP for iOS 1.0 application is vulnerable to a denial of service (DoS) attack. By sending a specially crafted request, an attacker can cause the application to crash, resulting in a denial of service condition. The vulnerability exists in the 'IP Address' field of the application. To exploit this vulnerability, an attacker needs to provide a large amount of data (450 bytes) as the value for the 'IP Address' field. This will cause the application to crash when the user interacts with the 'IP Address' field. This proof-of-concept (PoC) code demonstrates the vulnerability by generating a buffer of 450 'A' characters and printing it to the console.

UploadImage v1.0 & UploadScript v1.0 Remote Change Admin Password Exploit

This exploit allows an attacker to remotely change the admin password on a target server running UploadImage v1.0 or UploadScript v1.0. The exploit takes advantage of a vulnerability in the software to bypass authentication and change the admin password. The vulnerability can be exploited by providing a malicious payload to the server.

Recent Exploits: