This module exploits a stack buffer overflow in RM Downloader v2.7.5.400. By creating a specially crafted .ram file, an attacker may be able to execute arbitrary code.
Ultimate Product Catalogue is a responsive and easily customizable plugin for all your product catalogue needs. It has +63.000 downloads, +4.000 active installations. The Product Name, Description and File Upload forms of the Ultimate Product Catalog plugin lack proper CSRF protection and proper filtering, allowing an attacker to alter a product presented to a customer or to the WordPress administrators and insert XSS into the product name and description. It also allows an attacker to upload a PHP script through CSRF, due to a lack of file type filtering on upload.
I believe this to be the same issue that was reported on CVE-2015-0252, posting this in case anyone is interested in reproducing it. Original advisory: https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt

    $ printf "\xff\xfe\x00\x00\x3c" > file.xml
    $ DOMPrint ./file.xml # Ubuntu 15.04 libxerces-c3.1 package
    Segmentation fault
    $ ./DOMPrint ./file.xml # ASAN Enabled build

A local file include web vulnerability has been discovered in the official PhotoWebsite v3.1 iOS mobile web-application. The vulnerability allows remote attackers to include local file/path requests or system-specific path commands without authorization to compromise the mobile web-application.
A denial of service vulnerability has been discovered in the official Grindr v2.1.1 iOS mobile web-application. The vulnerability is located in the `/api/v2/user/` POST method request of the application. Remote attackers are able to crash the application service by sending a malicious request to the application.
This document details a stack-based buffer overflow vulnerability within TestDisk 6.14. The overflow is triggered when recovery of a malicious disk image is attempted. This may be leveraged by an attacker to crash TestDisk and gain control of program execution. An attacker would have to coerce the victim to run TestDisk against their malicious image.
This module exploits an uninitialized memory vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, which fails to initialize allocated memory. When using a correct memory layout, this vulnerability leads to a ByteArray object corruption, which can be abused to access and corrupt memory. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 15.0.0.189.
OS Solution OSProperty 2.8.0 was vulnerable to an unauthenticated SQL injection in the country_id parameter of the request made to retrieve a list of states for a given country. The version was not bumped when the vulnerability was fixed, but if you downloaded it after April 27th, you have a fixed version. An attacker could exploit this vulnerability by sending a specially crafted request with a malicious payload to the vulnerable parameter. The payload used was a UNION query with NULL and CONCAT functions.
Security researcher John Page discovered a CSRF and client-side cross-site scripting web vulnerability within Wing FTP Server Admin that allows adding arbitrary users to the system.
A memory corruption occurred within the LZW algorithm that is used to decode GIF images. A specially crafted GIF could lead to a controlled memory corruption.