A buffer overflow vulnerability exists in BlazeDVD Pro 6.1 when a specially crafted .plf file is opened. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability is due to a boundary error when handling .plf files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
This module exploits a directory traversal flaw in JIRA 6.0.3. The vulnerability exists in the issues collector code, while handling attachments provided by the user. It can be exploited in Windows environments to get remote code execution. This module has been tested successfully on JIRA 6.0.3 with Windows 2003 SP2 Server.
The vulnerability exists within the phpMyAdmin module supplied by XAMPP. In the phpMyAdmin module of the XAMPP application the following urls are vulnerable to cross site scripting attacks. The "db" parameter can be passed with { >"'><img src="javascript:alert(311050)"> } in the url resulting in a reflected cross site scripting attack.
This exploit is for InfraRecorder version 0.53. It creates a malicious .m3u file with 5000 'A' characters which when imported into the application causes a memory corruption. This leads to a denial of service (DoS) attack.
grandMA onPC version 6.808 is exposed to a remote denial of service issue when processing socket connection negotiation. This issue occurs when the application handles a single malformed packet over TCP port 7003, resulting in a crash.
A persistent input valiadtion web vulnerability has been discovered in the official Private Photo+Video v1.1 Pro iOS mobile web-application. The vulnerability allows remote attackers to inject own malicious script codes to the application-side of the vulnerable service module. The vulnerability is located in the `name` value of the `upload` module. Remote attackers are able to inject own malicious script codes to the application-side of the vulnerable service module. The request method to inject is POST and the attack vector is located on the application-side.
The vulnerability exists due to insufficient verification of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create a website backup.
This module exploits the trusted $PATH environment variable of the SUID binary 'ibstat'.
Sending to a legitimate user the following request: https://trusteddomainname/identity/faces/firstlogin?action=changepwd&backUrl=https://myevildomain/ it is possible, after the password change procedure, to redirect the user to a malicious domain. Attacker links to unvalidated redirect and tricks victims into clicking it. Victims are more likely to click on it, since the link is to a valid site. So such redirects may attempt to install malware or trick victims into disclosing passwords or other sensitive information.
Login to the admin portal and access search functionality. Here the 'search' parameter is vulnerable to stored XSS. Payload: '">><marquee><img src=x onerror=confirm(1). Login to the admin portal and click the 'My Preferences' and click 'My account' section. Here, the 'email address' parameter is vulnerable to reflected XSS. Payload: '"";</script><script>alert(0)</script><"
Services By CQR