The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack buffer overflow vulnerability when a large number of bytes is passed to several functions in UltraSVCamLib, resulting in memory corruption that overwrites several registers, including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
The UltraMJCam ActiveX Control 'UltraMJCamX.ocx' suffers from a stack buffer overflow vulnerability when a large number of bytes is passed to several functions in UltraMJCamLib, resulting in memory corruption that overwrites several registers, including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
Insufficient separation of privileges. Any account with user-level privileges has the following privileges in the web interface: access to the device's configuration, access to the device's log files, and access to the device's firmware.
A vulnerability present in Drupal < 7.34 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).
A vulnerability present in WordPress < 4.0.1 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).
A denial of service vulnerability exists in WordPress versions prior to 4.0. An attacker can send a large number of POST requests with a large username and password to the wp-login.php page, which will cause the server to become unresponsive. This can be done by using the proof-of-concept code developed by john@secureli.com.
xEpan includes elFinder, which can be exploited to upload a backdoor. The vulnerable page is http://target/elfinder/elfinder.html. Just upload your PHP backdoor and access it at http://target/elfinder/files/<backdoor_name>. Database information can be leaked from http://target/install.sql. Important data, such as the FTP password, is stored in the public file http://target/ftpsync.settings. A weak password is used at http://target/index.php?page=owner_dashboard, with admin:admin.
Slider Revolution and Showbiz Pro fail to check authentication in revslider_admin.php/showbiz_admin.php, allowing an unauthenticated attacker to abuse administrative features. Some of the features include: creating/deleting/updating sliders, importing/exporting sliders, and updating the plugin.
This module exploits a command injection vulnerability in WAN Emulator v2.3. The vulnerability exists in the 'cmd' parameter of the '/admin/cmd/' URI, which is accessible to authenticated users. An attacker can inject arbitrary commands, which are executed with root privileges.
The vulnerability exists due to insufficient validation of the HTTP request origin when creating new user accounts. A remote unauthenticated attacker can trick a logged-in administrator into visiting a malicious page containing a CSRF exploit, create a new account with administrative privileges, and gain total control over the vulnerable website.