Ultimate Product Catalogue is a responsive and easily customizable plugin for all your product catalogue needs. It has +59.000 downloads and +3.000 active installations. An unauthenticated SQL injection exists in the AJAX call the plugin uses to count how many times a product is viewed by web visitors. The vulnerable POST parameter is "Item_ID", which is concatenated into the query without validation. In file Functions/Process_Ajax.php line 67, the code is "$Item_ID = $_POST['Item_ID']; $Item = $wpdb->get_row("SELECT Item_Views FROM $items_table_name WHERE Item_ID=" . $Item_ID);" and the proof of concept is "POST /wp-admin/admin-ajax.php HTTP/1.1 Host: <wordpress host> [...] Cookie: wordpress_f305[...] Item_ID=2 AND SLEEP(5)&action=record_view".
Quick Search 1.1.0.189 contains a buffer overflow vulnerability in the 'search textbox' which can be exploited by an attacker to execute arbitrary code by using a specially crafted exploit string. The exploit string contains an egghunter which searches the memory for the marker and executes the shellcode once found. The exploit should work across different OS versions.
A remote code execution vulnerability exists in WebUI due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.
A vulnerability in the USB Creator utility of Ubuntu allows an attacker to gain root privileges on the system. The vulnerability is due to the fact that the USB Creator utility does not properly sanitize user-supplied input when running in KVM mode. An attacker can exploit this vulnerability by supplying malicious input to the USB Creator utility, which will then be executed with root privileges. This can be done by creating a shared library file containing malicious code and then supplying it as an argument to the USB Creator utility. The malicious code will then be executed with root privileges, allowing the attacker to gain full control of the system.
MooPlayer 1.3.0 is vulnerable to a SEH buffer overflow vulnerability when a specially crafted m3u file is opened. The vulnerability is triggered when the application attempts to process a long string of data, which causes a buffer overflow and overwrites the SEH handler. This can be exploited to execute arbitrary code by redirecting the execution flow to a malicious payload.
Open-Letters is vulnerable to a remote code injection vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable server. This can allow an attacker to execute arbitrary code on the vulnerable server.
This exploit is a local DoS caused by a missing limit check in the fat loader of the Mac OS X Kernel. The exploit is crafted by creating a binary with a large number of architectures and then spawning it. This causes the kernel to crash due to the missing limit check.
Using adb, a user can create a backup of an Android device and store it on a PC. The backup archive is based on the tar file format. By modifying tar headers to contain ../../ like patterns, it is possible to overwrite files owned by the system user on writeable partitions. An example pathname in the tar header: apps/com.android.settings/sp/../../../../data/system/evil.txt. The tar header checksum must be corrected, of course. When the modified archive is restored, the BackupManagerService overwrites the file at the resolved path, because the file name is not sanitized.
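The check missing from the restore path in the Android backup entry above can be shown as a pre-restore audit. This is an added example, not code from Android or from the original advisory. It assumes the tar stream has already been unwrapped from the backup file and that entries follow the apps/<package>/... layout seen in the example pathname; the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile


def escapes_app_dir(name: str) -> bool:
    """True if a tar member name leaves its apps/<package>/ directory."""
    parts = name.split("/")
    if name.startswith("/") or len(parts) < 3 or parts[0] != "apps":
        return True  # absolute, or not in the assumed apps/<package>/... layout
    base = posixpath.join("apps", parts[1])
    # Resolve "." and ".." lexically, as the restore would before writing.
    resolved = posixpath.normpath(name)
    return not resolved.startswith(base + "/")


def audit_backup_tar(tar_bytes: bytes) -> list[str]:
    """Return member names that would resolve outside their app directory."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        return [m.name for m in tar if escapes_app_dir(m.name)]


def build_sample() -> bytes:
    """Constructed sample archive: one benign entry and the pathname from the text."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:", format=tarfile.USTAR_FORMAT) as tar:
        for name in (
            "apps/com.android.settings/sp/prefs.xml",
            "apps/com.android.settings/sp/../../../../data/system/evil.txt",
        ):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name in audit_backup_tar(build_sample()):
        print("rejecting:", name)
```

A restore routine applying the same rule would refuse the whole archive as soon as one entry is flagged, rather than skipping the entry and continuing.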
This module exploits an arbitrary PHP code upload in the WordPress Work The Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution.
This module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.