Foxit Reader suffers from a division-by-zero vulnerability when handling PDF files, which triggers a denial of service condition. The faulting address is 0x558c8c and the faulting instruction is div eax,edi. The exploitability classification is EXPLOITABLE.
Improper file permissions on the application's executable file could result in a local privilege escalation vulnerability. An unprivileged user can replace the executable file with a binary of their choice. The binary (ouc.exe) is set by default to run at Startup and will be executed with SYSTEM privileges.
A vulnerability was found in the id parameter of the AdHocQuery module. When a payload such as ' WAITFOR DELAY '0:0:5'-- is injected after the id parameter, the web application hangs for 5 seconds, which leads to the conclusion that the web application is vulnerable to time-based SQL injection.
A CSRF vulnerability was discovered in JAMF Software's Casper Suite MDM Solution. If the HTML parameter/variable 'user_id' is changed to a value of negative one (-1), this request to the web server will create a new user.
Executing this script on page load will cause the user's modem to restart when they visit the page. This example uses JavaScript but could just as easily be written in another language to accomplish something similar. The attack consists of two parts. Part 1 - Privilege Escalation: POST: http://192.168.100.1/goform/_aslvl PARAMS: SAAccessLevel=2&SAPassword=W2402. Part 2 - Modem Restart: POST: http://192.168.100.1/goform/gscan PARAMS: SADownStartingFrequency=705000000
Input passed to the 'DATA' POST parameter in 'sips_response.php' is not properly sanitised before being used to process product payment data. This can be exploited to execute arbitrary commands via specially crafted requests.
This exploit allows an attacker to execute arbitrary commands on a vulnerable QNX QCONN system. The exploit is triggered by sending a specially crafted telnet request to the target system. The request contains a command to launch the 'shutdown' command, which will cause the system to reboot.
A denial of service vulnerability exists in SafeNet Sentinel Keys Server v7.6.5 (sntlkeyssrvr.exe ver. 1.3.1.3) due to a buffer overflow when sending a specially crafted request to the server. An attacker can send a request with a large number of 'A' characters to the server, causing the application to crash.
Manhali v1.8 is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability to include a remote file containing malicious code, resulting in arbitrary code execution on the vulnerable server. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'f' parameter in the 'download.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable script. This may allow the attacker to include a remote file containing malicious code, resulting in arbitrary code execution on the vulnerable server.
This exploit allows an attacker to bypass authentication on the Thomson Wireless VoIP Cable Modem. The exploit uses the http_post() function to send a POST request to the modem with the parameters cbDomainBlocking, BasicParentalNewKeyword, BasicParentalKeywordAction, BasicParentalDomainList, BasicParentalNewDomain, BasicParentalDomainAction, cbKeywordBlocking, BasicParentalNewKeyword, BasicParentalKeywordAction, BasicParentalNewDomain, BasicParentralDomainAction, HttpUserId, Password, PasswordReEnter, RestoreFactoryYes. This allows the attacker to reset the password, block domains and keywords, and restore factory defaults.