SoX suffers from a division-by-zero error when handling WAV files, resulting in a denial of service and possibly loss of data.
VIAVIWEB Wallpaper Admin 1.0 is vulnerable to SQL Injection and Remote Code Execution. An attacker can inject malicious SQL queries into the login page and can execute arbitrary code on the server by uploading a malicious file.
pfBlockerNG is a package for pfSense which provides the ability to extend the firewall rule set to provide more granular filtering. A vulnerability exists in pfBlockerNG version 2.1.4_26 which allows an unauthenticated attacker to execute arbitrary code on the vulnerable system. This is due to the lack of input validation in the Host header of the index.php page. An attacker can craft a malicious Host header which will execute arbitrary code on the vulnerable system.
A vulnerability in SmartRG Router SR510n 2.6.13 allows an attacker to execute arbitrary code remotely. This is due to the lack of proper input validation in the pingHost.cmd page. An attacker can send a malicious payload to the router, which will be executed without any authentication.
CVAT is an open source interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a server-side request forgery (SSRF) vulnerability. Validation has been added to URLs used in the affected code path in version 2.0.0. Users are advised to upgrade.
A path traversal vulnerability in Access Anywhere Secure Gateway versions 2020 R2 and older allows an attacker to read arbitrary files on the server. This is achieved by sending a specially crafted HTTP request containing a path traversal sequence of '../../../../../../../../windows/win.ini' to the server.
POC for unauthenticated configuration dump, authenticated RCE on msnswitch firmware 2408. Configuration dump only requires HTTP access. Full RCE requires you to be on the same subnet as the device.
Open Web Analytics (OWA) is an open source web analytics software written in PHP. A vulnerability exists in Open Web Analytics version 1.7.3 and below, which allows an unauthenticated attacker to gain access to the application by exploiting a Remote Code Execution (RCE) vulnerability. The vulnerability exists due to the lack of proper input validation in the 'owa_cache.php' script, which allows an attacker to inject arbitrary PHP code into the application. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script.
Zephyr Project Manager is a plug-in that helps you manage all your projects and tasks and get things done effectively. It has been determined that the data coming from the input field in most places throughout the application is used in the query without any sanitization or validation.
Testa 3.5.1 is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject malicious JavaScript code into the 'redirect' parameter of the 'login.php' page. When a user visits the page, the malicious code will be executed in the user's browser.