CVE-2013-1663 is a possible remote DOS attack issue. This issue has been fixed in >=GNUTLS-3.0.14. The attacker should try to construct a crafted certificate for triggering the below function fails: ret = gnutls_pubkey_import_x509(pcert->pubkey, crt, 0); if (ret < 0) { gnutls_pubkey_deinit(pcert->pubkey); /* pcert->pubkey should be NULL now */ ret = gnutls_assert_val(ret); goto cleanup; } Two crafted cert files (client.pem, client2.pem) seem to trigger the double free issue in the client's side.
This exploit allows an attacker to remotely bypass the username and password of a StarVedia IPCamera IC502w IC502w+ v020313 device.
An attacker can exploit this vulnerability by creating a malicious HTA file and using the LocalFileWrite method of the FtpLibrary ActiveX control to write the malicious HTA file to the startup folder of the target system. This will cause the malicious HTA file to be executed when the system is restarted.
ViewGit contains multiple persistent arbitrary script injection (XSS) vulnerabilities in its 'Shortlog' and 'Heads' tables. These vulnerabilities are triggered by malicious data inserted via the branch or tag systems of git by one of the users of the repository.
An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The malicious request contains a specially crafted SQL query in the 'list_id' parameter. This query will be executed on the server and can be used to extract sensitive information from the database.
Verizon Fios Router CSRF Admin Shell is a vulnerability discovered and reported in January 2013 by Jacob Holcomb/Gimppy, a Security Analyst at Independent Security Evaluators. The vulnerability affects the Verizon FIOS Router with Firmware 40.19.36. It allows an attacker to add an administrator user to the router without any password confirmation. The exploit code consists of two HTML files, the first one adds the administrator user and the second one adds the user without any password confirmation.
Count per Day is a WordPress plugin that allows users to track the number of visitors to their website. The plugin is vulnerable to CSRF due to the lack of a CSRF token in the counter.php file. An attacker can craft a malicious request to the counter.php file with a malicious referer, which will be stored in the database. When the admin views the Count per Day - Statistics page, the malicious JavaScript payload will be executed.
You can use the CSRF vulnerability to add/delete Occasions. It is also possible to enter JavaScript in occ_content1 parameter when occ_type1=1. This can be used to execute arbitrary JavaScript in the front-end area (shortcode = [Occasions]). The PoC will add an alert in the front-end area.
The WordPress Simply Poll Plugin 1.4.1 is vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). The question parameter is vulnerable to XSS and the plugin has an CSRF vulnerability (Polls=>Add New). The PoC leads to arbitrary javascript execution in back-end area. An attacker can exploit this vulnerability by sending a link (pointing to the PoC html file) to a logged in admin. When the admin views the Polls the javascript Code will execute.
DaloRadius is vulnerable to Cross-Site Request Forgery (CSRF) on all locations, including the Change Admin Password page. An attacker can craft a malicious request to change the administrator password without any security tokens. Additionally, DaloRadius is vulnerable to multiple SQL Injection and XSS vulnerabilities on the acct-ipaddress.php, acct-date.php, and other pages.
Services By CQR