The vulnerability is caused due to a boundary error within the processing of GIF images and can be exploited to cause a heap-based memory corruption. Successful exploitation may allow execution of arbitrary code.
The dasboard tool is part of the Seagate software solution for storage. The Dashboard.exe process opens a random port in the 5000-6000 range on each launch. The attached Python script will send 3100 A's to the target port. This will cause a crash in the Dashboard.exe process.
When parsing a print job request, cupsd can be forced to over-decrement the reference count for a string from the request. As a result, an attacker can prematurely ffree a string, and use the freed memory to control the execution flow of cupsd.
HansoPlayer 3.4.0 is vulnerable to a memory corruption vulnerability due to improper validation of user-supplied input. An attacker can exploit this vulnerability by crafting a malicious .wav file and sending it to the victim, resulting in a denial of service condition.
WinylPlayer 3.0.3 is vulnerable to a memory corruption vulnerability due to improper validation of user-supplied input. An attacker can exploit this vulnerability by crafting a malicious .wav file and sending it to the victim, which will cause the application to crash.
Lively cart is shping cart script and search parameter(search_query) in not filtering user supplied data and hence affected from SQL injection vulnerability.
Multiple vulnerabilities have been discovered in the official ManageEngine SupportCenter Plus v7.90 web-application. The vulnerabilities are located in the `/helpdesk/` directory and the `/helpdesk/Admin/` directory. Remote attackers are able to inject malicious script codes to the application-side of the vulnerable service. The vulnerabilities are located in the `name` and `description` value of the `/helpdesk/Admin/EditCategory.jsp` and `/helpdesk/Admin/EditPriority.jsp` POST method request. Remote attackers are able to inject malicious script codes to the application-side of the vulnerable service.
The vulnerability lies in the COM component used eSellerateControl350.dll (3.6.5.0) method of the ''GetWebStoreURL' member.
The vulnerability lies in the COM component used eSellerateControl350.dll (3.6.5.0) method of the ''GetWebStoreURL' member.
BlackCat CMS v1.1.1 is vulnerable to an arbitrary file download vulnerability due to insufficient sanitization of user input. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server, which will allow the attacker to download any file from the server.
Services By CQR