Explore all Exploits:

PhotoPost Multiple Vulnerabilities

PhotoPost is prone to cross-site scripting in several different scripts throughout the application. Below are examples: http://path/showgallery.php?cat=[INT]&page=[XSS], http://path/showgallery.php?si=[XSS], http://path/showgallery.php?cat=[INT][XSS], http://path/showgallery.php?ppuser=[INT]&cat=[INT][XSS]. This can be used to render hostile code in the context of the victim's browser, or to steal cookie-based credentials or other sensitive info. There are several SQL injection vulnerabilities in this application. Some are easy to exploit, others are not so easy. http://path/showgallery.php?cat=[INT][SQL], http://path/showgallery.php?ppuser=[INT][SQL]&cat=[INT]. These SQL issues can possibly be exploited to influence SQL queries and disclose arbitrary data. These will also cause XSS if unsuccessful.

VuNote

An integer signedness error was found in miniupnp's `miniwget`, allowing an unauthenticated remote entity, typically located on the local network segment, to trigger a heap corruption or an access violation in miniupnp's HTTP response parser when processing a specially crafted chunked-encoded HTTP response.

Ubus Authentication Bypass Vulnerability

This exploit is related to a vulnerability in the Ubus authentication protocol, which allows an attacker to bypass authentication and gain access to the system. The exploit involves sending a malicious payload to the system, which is then executed by the system. This payload contains a command to add a Samba share and an SSH key to the system, which allows the attacker to gain access to the system.

Local Root Exploit for CVE-2017-1000112

This is a proof-of-concept local root exploit for CVE-2017-1000112. It includes KASLR and SMEP bypasses, and has been tested on Ubuntu trusty 4.4.0-* and Ubuntu xenial 4-8-0-* kernels. It uses a combination of namespace sandboxing, KASLR bypass, SMEP bypass, and payload execution to gain root privileges.

D3DGear 5.00 Build 2175 – Buffer Overflow

A buffer overflow vulnerability exists in D3DGear 5.00 Build 2175, which can be exploited by generating a crash.txt file, opening the program, selecting broadcast, and pasting the crash.txt contents in the stream key. The application crashes, with a 00420042 pointer to the next SEH record, but no EIP overwrite, and one unicode PPR pointer.

PHP Melody v2.7.1 – SQL Injection

PHP Melody v2.7.1 is vulnerable to a time-based blind SQL injection in the 'playlist' parameter of the 'ajax.php' page. An attacker can send a malicious HTTP request with a payload of '+(select*from(select(sleep(20)))a)+' to the vulnerable page to cause a delay in the response time, indicating a successful exploitation.

Huawei HG532 Router Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Huawei HG532 routers. An unauthenticated attacker can send a specially crafted SOAP request to the router's DeviceUpgrade_1 service on port 37215 to execute arbitrary commands with root privileges. This vulnerability affects Huawei HG532 routers with firmware versions prior to V200R001C01B031SP05.

Buffer overflow in ALLPlayer ALLMediaServer 0.95 and earlier

A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine via a long string to TCP port 88. To exploit this vulnerability, an attacker must connect to the server with a long malicious string.

Recent Exploits: