
Explore Vulnerabilities


Explore all Exploits:

PhpTax File Manipulation(newvalue,field) Remote Code Execution

With this vulnerability, an attacker might write to arbitrary files or inject arbitrary code into a file. User-tainted data is used when creating the name of the file that will be opened or when creating the string that will be written to the file. An attacker can try to write arbitrary PHP code into a PHP file, allowing full compromise of the server.

Monkey HTTPD 1.1.1 – Denial of Service Vulnerability

A bug discovered in Monkey's HTTP parser allows an attacker to cause a segmentation fault in one of the daemon's threads using a specially crafted request containing a null byte. An attacker can crash all the available threads by sending the specially crafted request multiple times, rendering the server useless for legitimate users.

Intrasrv Simple Web Server 1.0 SEH based Remote Code Execution BOF

Intrasrv Simple Web Server 1.0 is vulnerable to an SEH-based buffer overflow attack. An attacker can send a specially crafted HTTP request with an overly long string in the GET request, which can lead to arbitrary code execution. The vulnerable code is located in the function ‘GetRequest’ in the file ‘intrasrv.exe’. The application does not properly validate the length of the user-supplied input, which can be exploited to overwrite the SEH handler.

Zavio IP Cameras multiple vulnerabilities

Multiple vulnerabilities have been found in Zavio IP cameras based on firmware v1.6.03 and below, that could allow an unauthenticated remote attacker:

1. [CVE-2013-2567] to bypass user web interface authentication using hard-coded credentials.
2. [CVE-2013-2568] to execute arbitrary commands from the administration web interface. This flaw can also be used to obtain all credentials of registered users.
3. [CVE-2013-2569] to access the camera video stream.
4. [CVE-2013-2570] to execute arbitrary commands from the administration web interface (post authentication only).

IBM SPSS SamplePower C1Tab ActiveX Heap Overflow

This module exploits a heap-based buffer overflow in the C1Tab ActiveX control while handling the TabCaption property. The affected control can be found in the c1sizer.ocx component as included with IBM SPSS SamplePower 3.0. This module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1.

TP-Link IP Cameras Multiple Vulnerabilities

Multiple vulnerabilities have been found in TP-Link IP cameras based on firmware v1.6.18P12 and below, that could allow an unauthenticated remote attacker to bypass user web interface authentication using hard-coded credentials [CVE-2013-2572] and to execute arbitrary commands from the administration web interface [CVE-2013-2573]. This flaw can also be used to obtain all credentials of registered users.

YeaLink IP Phone SIP-TxxP firmware <=9.70.0.100 phone call vulnerability

It is possible to make calls using the first available SIP account, without supervision or confirmation by the user. The call receiver can also listen through the phone's microphone.

TP-LINK WR842ND Remote Multiple SSID Directory Traversal Exploit

This exploit allows an attacker to gain access to the router configuration if remote management is enabled. If the attacker is connected to the router network, they can discover other configured SSIDs. This exploit was successfully tested against TP-LINK WR842ND with Firmware Version 3.12.22 Build 120424 Rel.39632n.

CodeBlocks 12.11 (Mac OS X) Crash POC

CodeBlocks 12.11 is vulnerable to a buffer overflow when a user searches for a specific character in the 'Find in files' section. The user must leave the 'Search path' section blank and type any character in the 'Text to search for' section. This will cause a crash due to a stack-based buffer overflow.

Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow

This module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in ngx_http_parse_chunked() by supplying an overly long hex value as the chunked block size. This value is later used when determining the number of bytes to read into a stack buffer, which makes the overflow possible.

Recent Exploits: