An arbitrary code execution web vulnerability has been discovered in the official Linkus Photo Manager Pro v4.4.0 iOS mobile web-application. The vulnerability allows remote attackers to execute malicious script code to compromise the application or connected device. The vulnerability is located in the `file` value of the `/upload` POST method request. Remote attackers are able to inject their own malicious script code into the application side of the vulnerable service.
A local file include web vulnerability has been discovered in the official USB Disk Free - File Manager & Transfer v1.0 iOS mobile application. The vulnerability allows remote attackers to include local file or path requests, or system-specific path commands, without authorization in order to compromise the mobile web-application.
A local file include web vulnerability has been discovered in the official Linkus Photo Manager Pro v4.4.0 iOS mobile web-application. The vulnerability allows local attackers to inject malicious script code into the application side of the vulnerable service. The vulnerability is located in the `file` value of the `index.php` file. Local attackers are able to inject their own malicious script code into the application side of the vulnerable service. The request method to inject is POST and the attack vector is local.
A local file include web vulnerability has been discovered in the official Mindspeak Software - Wifi Drive Pro v1.2 iOS mobile web-application. The vulnerability allows remote attackers to include local file or path requests, or system-specific path commands, without authorization in order to compromise the mobile web-application.
Multiple persistent input validation web vulnerabilities have been discovered in the official SevDesk v3.10 web-application & cloud online-service. The vulnerabilities are located in the `name` and `password` values of the `login` module. Remote attackers are able to inject their own malicious script code into the vulnerable application side of the online service. The vulnerabilities are persistent and can be exploited by remote attackers without user interaction or a privileged application user account.
The vulnerability is caused by a certain value in a document, which can be exploited to corrupt memory via a specially crafted document. Successful exploitation may allow execution of arbitrary code.
A buffer overflow vulnerability exists in Oracle Hyperion Smart View for Office Fusion Edition 11.1.2.3.000 Build 157 when a large value is entered into the 'Shared Connections URL' field in the 'Options' menu. This can be exploited by any Microsoft Office product such as Excel, Word, or PowerPoint. The output of the crash analyzed in the debugger is shown in the text.
This exploit targets a privilege escalation vulnerability in Apport, a crash reporting system used in Ubuntu. It allows a local user to gain root privileges by exploiting a race condition in the Apport crash handler. The vulnerability is caused by a race condition between the setuid() and execve() system calls. The exploit creates a malicious Apport crash handler script, which is then executed by the Apport crash handler. The malicious script then creates a setuid root shell, which is then executed by the Apport crash handler.
This exploit targets a denial-of-service vulnerability in the Microsoft IIS web server. It is caused by a specially crafted HTTP request with a Range header that specifies a very large range. This causes the server to crash and become unresponsive.
WordPress MiwoFTP Plugin 1.0.5 suffers from an arbitrary file download vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server in order to download any file from the server.