Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080.
Dynamically creating the HTML elements IMG, FORM, DIV, P, A, H2, IFRAME, TABLE, TEXTAREA and assigning a very long string of junk characters to the 'style.color' property results in a Firefox browser out-of-memory crash (not a tab crash). Tested on Windows 7.
An out-of-bounds read vulnerability exists in the TIFF library when processing a specially crafted TIFF file. The vulnerability is caused by a missing check in the _TIFFVGetField() function in tif_dir.c. This can lead to a crash or potential code execution.
A memory leak vulnerability was discovered in TIFF2PS/TIFF2PDF, which is triggered by "./tiff2ps $POC" or "./tiff2pdf $POC". The ASan debug information shows that 1792 bytes in 7 objects and 170491316224 bytes in 223 objects were leaked. This vulnerability affects versions <=4.0.8.
A buffer overflow vulnerability exists in the TIFFWriteDirectoryTagCheckedLong8Array function of the LibTIFF library. When a specially crafted TIFF file is processed, it can cause a buffer overflow, resulting in a denial of service or potentially arbitrary code execution.
The application allows an attacker to specify a server where a custom protocol is implemented. This server performs the authentication and allows an attacker to execute controlled SQL directly against the database as root.
This module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database. Command injection will be performed with root privileges. The default pre-packaged ISO builds are available from goautodial.org. Currently, the hardcoded command injection payload is an encoded reverse-tcp bash one-liner, and the handler should be set up to receive it appropriately.
The wchp command to the ZK port 2181 will gather open internal files by each session/watcher and organize them for the requesting client. This command is CPU intensive and will cause a denial of service to the port as well as spike the CPU of the remote machine to 90-100% consistently before any other traffic. The average number of threads used in testing was 10000. This should work on all 3.x+ versions of Zookeeper.
A vulnerability exists in OpenDreamBox 2.0.0 where an attacker can execute arbitrary commands on the system by exploiting a command injection vulnerability in the WebAdmin plugin. The attacker can send a specially crafted HTTP request to the vulnerable server in order to execute arbitrary commands on the system.
SQL injection in the WatuPRO WordPress plugin for creating exams, tests and quizzes allows an attacker to dump the database contents. The plugin sends quizzes to the server with the "watupro_questions" parameter, which is not sanitized before it is used in an SQL statement.