The router usually serves HTML files that are protected with HTTP Basic Authentication. However, the CGI files are not protected in the same way and are exposed to the public. A simple GET request to the router would give a remote attacker an opportunity to modify the router's PPPoE configuration and set up malicious configurations, which could later disrupt the network and its activities.
By having a user import a crafted dive.xml file (very common, since many divers share logs), it is possible to perform an XXE injection that retrieves local files and exfiltrates them to a remote attacker.
Winamp Pro versions 5.66.Build.3512 and below are vulnerable to a denial of service attack when a specially crafted .wav, .wmv, .au, .asf, .aiff, or .aif file is opened. This causes the application to crash.
A denial of service vulnerability exists in KMPlayer v4.2.2.4: opening a specially crafted .nsv file could allow an attacker to cause a denial of service condition.
Exim is vulnerable to a buffer overflow while parsing the BDAT data header. The vulnerability occurs because the function pointer receive_getc is not reset; when the following command is also a BDAT, receive_getc and lwr_receive_getc become the same and an infinite loop occurs inside bdat_getc. This can lead to a program crash, or to an infinite loop without crashing, which can be used to mount a resource-based DoS attack.
The JIT compiler in the Chrome browser has a type confusion vulnerability. It occurs when the JIT compiler emits a BailOnNotObject opcode in the first analysis of a loop, but the return value of valueType.HasBeenNumber() can differ in the second analysis. This leads to type confusion, which can be exploited to execute arbitrary code.
In the following JavaScript code, both print calls should print "undefined" because "x" is a formal parameter. However, the second print call prints "function x() { }". This bug may lead to type confusion in JITed code. The following code in "PreVisitFunction" is used to decide how to optimize arguments. "HasAnyWriteToFormals", set by "Parser::BindPidRefsInScope", returns true in the following example code where "x" is formal. But the method cannot detect the buggy case above, so it may end up wrongly optimizing arguments.
A buffer overflow vulnerability exists in the Windows 10 Professional (x86) operating system due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted payload to the vulnerable system. This will allow the attacker to execute arbitrary code on the target system.
When __walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore() assumes that it will always get callbacks for all pages in the range passed to walk_page_range(), and when this assumption is violated, sys_mincore() copies uninitialized memory from the page allocator to userspace.
There is an out-of-bounds read vulnerability in WebKit. The vulnerability was confirmed on an ASan build of WebKit nightly. The PoC provided in the source code triggers an ASan log showing a heap-buffer-overflow on address 0x61200007e474 at pc 0x0001130a7153 bp 0x7fff5463b410 sp 0x7fff5463b408.