BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows "../.." to be injected through the FILECAMERA variable sent by GET, so files can be read with root privileges and without access credentials.
The Android application is vulnerable to Remote Code Execution attacks. This is caused by the lack of input validation and the use of the WebViewExtras.addJavascriptInterface() method.
According to the developer, the Android application reviewed performs a 'thorough forensic level Penetration Test'. Run-time and reverse engineering analysis showed that the application does a connect() scan (i.e. TCP 3-way handshake) of all 65535 TCP ports on the external IP address of the app user, with 10 simultaneous threads. However, if a target has all 65535 TCP ports open, the application will actually report that there are 87375 'threats' (i.e. ports) open. Even after scanning all the ports, the application will continue to run forever and, for example, count down from the same minute several times (i.e. when the timer hits 14:00, it goes back up to 14:59). The application does not report to the user which ports are open, and it does not provide a final report either. Nor does it attempt to grab any service banners. If the 'Send to eVestigator' button is clicked, none of the scan details are sent either. Instead, the external IP address is sent along with other details about the Android environment and the user-entered details.
The code defined in BranchIfFastRegExp checks whether a regular expression object has the default map; however, it is possible to alter the map after this check has been performed. This can cause inline fields, such as lastIndex, to be changed to dictionary properties, which leads to out-of-bounds reads and writes the next time lastIndex is accessed on the fast path.
There are three variants of the below crash, all of which stem from an unbounded copy into a fixed-size stack buffer allocated in the function ASFParser::SetMetaData. The buffer is used as an argument to each of the three calls to the function unicodeToUtf_8 without checking that the output length will be less than the size of the buffer.
The Humax HG100R backup file download vulnerability allows an attacker to download the configuration file without authentication. The vulnerability is due to the lack of authentication on the GatewaySettings.bin file. An attacker can exploit it by sending a GET request for the GatewaySettings.bin file. The configuration file will be downloaded and decoded from base64.
Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request via the Fileserver web application.
This module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for Windows. When SSL is re-established on an NDMP connection that has previously had SSL established, the BIO struct for the connection's previous SSL session is reused, even though it has previously been freed.
This program is vulnerable to a stack-based buffer overflow. It is possible to overwrite the stack pointer by allocating a large amount of memory with the mmap() function and then writing to it. This can be used to execute arbitrary code.
FreeBSD_CVE-2017-FGPE.c is a program for CVE-2017-1084, which is a stack clash vulnerability. This type of vulnerability allows an attacker to overwrite the stack guard page and gain control of the program execution flow. The program is written in C and compiled with -O0. It is free software distributed under the GNU General Public License. It uses the mmap() and setrlimit() functions to allocate memory and set the resource limit respectively. It also uses the clash_smash_no_jump() function to overwrite the stack guard page. The program prints the character at the last page and the final distance.