
Explore Vulnerabilities

Explore all Exploits:

up.time 7.5.0 Arbitrary File Disclose And Delete Exploit

Input passed to the 'file_name' parameter in 'get2post.php' script is not properly sanitised before being used to get the contents of a resource and delete files. This can be exploited to read and delete arbitrary data from local resources with the permissions of the web server using a proxy tool.

up.time 7.5.0 Superadmin Privilege Escalation Exploit

up.time suffers from a privilege escalation issue. A normal user can elevate their privileges by sending a POST request setting the parameter 'userroleid' to 1. An attacker can also exploit this issue via cross-site request forgery attacks.

Copy Paste of Issue 480496

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Use After Free Vulnerability in ActionScript 2 TextField.filters Array Property

There is a use-after-free vulnerability in the ActionScript 2 TextField.filters array property. When the TextField.filters array is set, Flash creates an internal array holding the filters. When the property is read, Flash iterates over this array and clones each filter. During this loop, it is possible to execute some AS2 by overriding a filter's constructor. At that moment, if the AS2 code alters the filters array, Flash frees the internal array, leaving a reference to freed memory on the stack. When the execution flow resumes in the loop, a use-after-free occurs. Flash 17.0.0.169 added a flag to mitigate Issue 457278 and Flash 18.0.0.160 added another flag to mitigate Issue 476926, but both mitigations can be bypassed.

Integer Overflow

An integer overflow vulnerability exists in Adobe Flash Player when processing an MP3 file with a large ID3 tag. This vulnerability can be exploited by an attacker to cause a buffer overflow, resulting in arbitrary code execution. The vulnerability affects all versions of Adobe Flash Player on 64-bit platforms.

Shared Object Constructor Type Confusion

The Shared Object constructor does not check that the object it is provided is of type Object before setting it to be of type SharedObject. This can cause problems if another method (such as Sound.loadSound) calls into script between checking the input object type, and casting its native object. A proof-of-concept is provided which needs to be hosted on a webserver to work and only works on 32-bit systems.

Out-of-bounds write in Flash Player

An out-of-bounds write vulnerability exists in Adobe Flash Player. The vulnerability is caused by an indexing error: the rdi "base" address is in bounds, but after 2*rdx is added to it, the resulting address is not bounds-checked. This can be exploited to corrupt memory via a specially crafted SWF file.

Heap-Based Buffer Overflow in Adobe Flash Player

A heap-based buffer overflow vulnerability was discovered in Adobe Flash Player. The vulnerability is caused due to a boundary error when handling a specially crafted .flv file. This can be exploited to cause a stack-based buffer overflow via a specially crafted .flv file. Successful exploitation may allow execution of arbitrary code.

Type Confusion in TextFormat Constructor

There is a type confusion issue in the TextFormat constructor that is reachable because the FileReference constructor does not verify that the incoming object is of type Object (it only checks that the object is not native backed). The TextFormat constructor first sets a new object to type TextFormat, and then calls into script several times before setting the native backing object. If one of these script calls then calls into the FileReference constructor, the object can be set to type FileReference, and then the native object will be set to the TextFormat, leading to type confusion.

Use-after-Free in TextField gridFitType setter

A use-after-free vulnerability exists in the TextField gridFitType setter in Adobe Flash Player. The vulnerability is caused by a race condition when the TextField object is removed while the gridFitType setter is being called. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user.
