The application is vulnerable to HTML injection, reflected cross-site scripting, and sensitive data disclosure.
This exploit causes a denial of service (DoS) by creating a malicious payload and pasting it into the 'POP3 Server Address and Login and Password' field in ActiveFax Server 6.92 Build 0316. This leads to a crash in the application.
"C:Program Files (x86)UbisoftUbisoft Game Launcher" has insecure permissions that allow all BUILTIN-USER to have full permission. An attacker can replace the vulnerable executable file with a malicious file.
This exploit allows an attacker to delete files on a WordPress site using the Arforms plugin version 3.7.1. The attacker needs to provide the URL of the site and the session ID. The exploit sends HTTP GET requests to the target site and checks for the existence of specific files. If the files are found, they are deleted.
The Intelbras Router WRN150 version 1.0.18 is vulnerable to persistent cross-site scripting. An attacker can inject malicious scripts into the Service Name and Server Name fields, allowing for the execution of arbitrary code in the user's browser.
The application suffers from an unquoted search path issue impacting the service 'NiSvcLoc'. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.
A stack overflow occurs when parsing an .m3u file which does not contain any delimiters.
This exploit allows an attacker to perform unauthorized actions on the SMA Solar Technology AG Sunny WebBox device by tricking a logged-in user into submitting a malicious form. The exploit takes advantage of a lack of CSRF protection in the device's firmware version 1.6 and prior.
This exploit targets the SurgeMail v.38k4 webmail application. It performs a denial of service attack by sending a specially crafted HTTP POST request with a large Host header. This causes the application to crash or become unresponsive.
This exploit allows an attacker to execute arbitrary code by triggering a buffer overflow in the Sricam DeviceViewer application. By adding a specially crafted username, the attacker can overwrite the return address and gain control of the program execution flow.
Services By CQR