An independent laboratory researcher discovered a local stack buffer overflow vulnerability in the official QuickHeal AntiVirus 7.0.0.1 (b2.0.0.1) Pro software.
This proof of concept demonstrates a stored XSS vulnerability in e-mail clients when JavaScript is inserted into the body of an e-mail.
The Lowest Unique Bid Auction script is vulnerable to SQL injection. An attacker can inject malicious SQL queries through the vulnerable `id` parameter in the URL. This can be used to bypass authentication and to access, modify, and delete data in the back-end database.
This proof of concept demonstrates that the admin password can be changed by an attacker through a CSRF attack. It appears that any setting on the device can be manipulated with an attack of this kind, because the device does not ask for the current password before applying a change.
The Cisco EPC 2425 routers supplied by UPC are vulnerable to an offline dictionary attack if the WPA-PSK handshake is obtained by an attacker. The default WPA-PSK passphrase has the following properties: random, A to Z uppercase only, 8 characters long, giving 26^8 = 208,827,064,576 possible combinations (AAAAAAAA to ZZZZZZZZ). We recently purchased a used rig comprising Windows 7, an i3 processor, 4GB RAM, a 2TB drive and a Radeon HD 5850. We generated 26 dictionary files using maskprocessor by atom, piping each starting letter out to its own file, for example for A: `./mp32 A?u?u?u?u?u?u?u > A.TXT` (covering AAAAAAAA to AZZZZZZZ). Using our Radeon HD 5850 on standard settings, we were hitting 80,000 keys per second. Breakdown: 26^8 = 208,827,064,576 (208 billion possible combinations); 208,827,064,576 / 80,000 keys per second = 2,610,338 seconds. For 185, we had built a computer that could crack the default UPC wireless password within 30 days. The WPA-PSK handshakes were obtained using airodump-ng.
The Vulnerability Laboratory Research Team discovered multiple web vulnerabilities in the official Eigthythree Phone Drive v4.1.1 iOS mobile application. The remote web vulnerability allows an attacker to inject local commands via vulnerable system values and compromise the Apple iOS mobile web application. The injection point is the `file` value of the `/app/file.php` script, and the execution point is the same `/app/file.php` script.
PotPlayer 1.5.42509 Beta is vulnerable to an integer division-by-zero bug. The vulnerability is triggered by a malicious file with a specially crafted header: when the file is opened in PotPlayer, it causes a divide-by-zero exception, resulting in a denial of service.
The Cerberus P 6363 DSL router is vulnerable to authentication bypass and multiple cross-site scripting issues. The authentication bypass can be exploited by setting a special cookie before accessing the GUI. The cross-site scripting issues can be triggered by turning off JavaScript or by using simple scripts that do not interpret JS code the way a web browser does.
The script uses the db_escape_string() function to sanitize the input; however, the function only neutralizes the ' and " characters, so an attacker can bypass it wherever the query does not wrap the parameter in ' quotes.
This exploit targets Castripper 2.50.70 via a malicious .pls file and is a stack buffer overflow with a DEP bypass. It uses ROP gadgets from the application's own DLLs together with a hardcoded SetProcessDEPPolicy() address, chaining POP EDX, POP EBP, POP EBX, POP EDI, POP ESI and PUSHAD instructions to bypass DEP.