Explore Vulnerabilities

Explore all Exploits:

0day – MuPDF Stack-based Buffer Overflow in xps_parse_color()

This vulnerability leads to remote code execution when a user opens a malicious XPS document. When MuPDF loads the XPS document, it loads the first page and parses each element via xps_parse_element() as detailed in the XPS specification. When the crash occurs, the call stack looks like this: mupdf.exe!xps_parse_path, mupdf.exe!xps_parse_element, mupdf.exe!xps_parse_fixed_page, mupdf.exe!xps_run_page, mupdf.exe!fz_run_page_contents, mupdf.exe!pdfapp_loadpage. In this case, the Path element is parsed via the xps_parse_path() function, which extracts the attributes and extended attributes (Clip, Data, Fill, ...). If some conditions are fulfilled, we can trigger a stack overflow in the xps_parse_color() function when it parses the value “ContextColor” of the attribute “Fill”.

BLUE COM Router – 5360/52018 Password Reset Exploit

The vulnerability exists in the BLUE COM Router - 5360/52018, which allows an attacker to reset the password of the router without any authentication. The exploit is achieved by sending a POST request to the password.cgi page with the new password in the sysPassword parameter.

AfterLogic Pro and Lite <= 7.1.1.1 Stored XSS

AfterLogic WebMail is a browser-based e-mail and collaboration front end, designed to work with your existing messaging solutions. XSS code can be stored in the e-mail body, so an attacker can send the victim an e-mail containing the payload and steal the victim's cookie.

Exploit Title : Doodle4Gift <= Multiple Vulnerabilities

The vulnerability exists in the showprofile parameter of the index.php file. An attacker can inject malicious JavaScript code in the profile parameter to perform XSS attacks. Additionally, the doodle4gift.xml file contains sensitive information such as Id, Password, and Email.

ASUS RT-N56U Remote Root Shell Exploit – apps_name

Multiple ASUS routers, including the RT-N56U and RT-AC66U, have the ability to install supplemental applications. This install process is handled by the router's web server and is susceptible to multiple buffer overflow attacks. Vulnerable web page: APP_Installation.asp. Vulnerable HTML parameters: apps_name, apps_flag. Vulnerable source file: web.c of the httpd code. *Firmware versions prior to the tested version were vulnerable to this attack.

SmarterMail Enterprise and Standard <= 11.X XSS Exploit

SmarterMail Enterprise and Standard versions <= 11.x are vulnerable to stored XSS. An attacker can send an email to the victim with a malicious payload and steal the victim's cookie. The malicious payload is HTML character-encoded JavaScript, which can be used to execute malicious code.

haneWIN DNS Server 1.5.3 – Denial of service

A buffer overflow vulnerability exists in haneWIN DNS Server 1.5.3. By sending a specially crafted packet with an overly long string, an attacker can cause a buffer overflow, resulting in a denial of service condition.

Vacation Rental Script V3.0 – Multiple Vulnerabilities

Cross Site Request Forgery (CSRF) vulnerability in Vacation Rental Script V3.0 allows remote attackers to hijack the authentication of administrators for requests that create new admin accounts. Multiple Cross Site Scripting (XSS) vulnerabilities in Vacation Rental Script V3.0 allow remote attackers to inject arbitrary web script or HTML via the i18n[1][name] parameter to index.php in the Types and Features modules.

Recent Exploits: