A Network Time Protocol (NTP) Amplification attack is an emerging form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible NTP servers to overwhelm a victim system with UDP traffic. The NTP service supports a monitoring service that allows administrators to query the server for traffic counts of connected clients. This information is provided via the "monlist" command. The basic attack technique consists of an attacker sending a "get monlist" request to a vulnerable NTP server, with the source address spoofed to be the victim's address.
The SSDP protocol can discover Plug & Play devices with UPnP (Universal Plug and Play). SSDP is an HTTP-like protocol that works with the NOTIFY and M-SEARCH methods. This exploit sends SSDP packets from one source to another, which can be used to launch a DDoS attack.
Multiple SQL injection vulnerabilities have been detected in the WordPress cp-multi-view-calendar plugin in version 1.1.7. The vulnerabilities allow remote attackers to inject their own SQL commands to compromise the affected web application and the connected DBMS. The SQL injection vulnerabilities are located in the `edit.php` and `datafeed.php` files. Remote attackers are able to inject their own SQL commands into the vulnerable parameter values of GET/POST requests to these files.
A vulnerability has been detected in the WordPress CP Image Store with Slideshow plugin in version 1.0.5. The vulnerability allows remote attackers to download arbitrary files from the server. The arbitrary file download vulnerability is located in the `cp-image-store.php` file. The vulnerability can be exploited by remote attackers without a privileged application user account and without user interaction. Successful exploitation of the arbitrary file download vulnerability results in application compromise.
Create a .xml file with numerous 'A's (around 1000) in it and save it as test.xml. Go to the directory '/appdata/roaming/notepad++/themes/' in Windows, paste the test.xml file into this themes folder and restart Notepad++. Now start Notepad++ and, in the menu tab, go to Settings, select Style Configurator and select the test file in the theme selection option. Now hit the 'Save and close' button; it will crash with an error message.
A zip file containing a folder named '#' can be used to cause endless calls to lstat64() (50% CPU usage, freezing the app) when extracted using File Roller.
A local SEH buffer overflow vulnerability has been discovered in the official Blueberry Express v5.9.0.3678 software. The vulnerability allows local attackers to compromise the system with elevated privileges. The vulnerability is located in the `bbflashback.exe` module, with the vulnerable function `bbflashback.exe`, when executing the `bbflashback.exe` file with a long string buffer.
The easy2map plugin for WordPress is vulnerable to SQL injection due to the lack of sanitization of user input when constructing SQL queries. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable plugin. This can allow an attacker to execute arbitrary SQL commands on the underlying database, potentially allowing them to gain access to sensitive data.
A persistent XSS vulnerability was discovered in the Users module that is distributed with the core distribution of the CMS. The issue potentially allows elevation of privileges by tricking an administrator into executing a custom crafted script on his behalf. The issue affects the Username field, since a user is allowed to register a username containing potentially dangerous characters.
AirLive MD-3025, BU-3026, BU-2015, WL-2000CAM and POE-200CAM are IP cameras designed for professional surveillance and security applications. The built-in IR LEDs provide high quality nighttime monitoring. These AirLive devices are vulnerable to an OS Command Injection Vulnerability. In the case of the MD-3025, BU-3026 and BU-2015 cameras, the vulnerability lies in the cgi_test.cgi binary file. In the case of the WL-2000CAM and POE-200CAM cameras, the command injection can be performed using the vulnerable wireless_mft.cgi binary file.