A denial of service vulnerability exists in TP-LINK TD-W8151N routers due to improper validation of user-supplied input. An attacker can send a specially crafted HTTP POST request to the vulnerable router to cause a denial of service condition.
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
A CSRF vulnerability in Multisite Post Duplicator could allow an attacker to copy content from one site of a multisite installation to another. This could be used to add arbitrary HTML to the front-end of the site (which could be used for defacement, harvesting login credentials from authenticated users, or could be used to do virtually anything a logged-in admin user can do). This could also be used to view content not meant to be published.
A specially crafted certificate file may lead to memory corruption in several processes, and the attack vector may be Mobile Safari or the Mail app. An attacker may control the overflow through the certificate length in the OCSP field.
Any unauthenticated user can inject SQL commands on the <base-url>/view_logs/search_all_history.php?menu_id=-466 and extractvalue(1,(select make_set(511,0,SUBSTRING(password,1,20),1) from login_master limit 0,1 ))-- - So a user can fetch admin details and can easily get root on that server if the server is SmartGuard 6.0A Revolutions, as PHP runs as user root by default. This vulnerability can make the whole server vulnerable.
This exploit is for 10-Strike Network File Search Pro 2.3. It is an SEH exploit which uses a buffer overflow to overwrite the SEH handler. The exploit code creates a file called poc.txt which contains a buffer of 0xfe0 bytes followed by shellcode, junk, a jump instruction and an nseh instruction. When the poc.txt file is opened in the application, the SEH handler is overwritten and the shellcode is executed.
The ARG-W4 ADSL Router is vulnerable to a Denial of Service attack when a malicious user sends a crafted HTTP request to the router. Additionally, the router is vulnerable to Cross-Site Request Forgery (Add Admin) and Cross-Site Request Forgery (Change DNS) attacks when a malicious user sends a crafted HTML form to the router.
A user who has access to send DHCP via either a VPN or a wireless connection can serve a host name with script tags to trigger XSS. This could potentially be used to connect to an open or guest Wi-Fi hotspot, inject stored XSS into the admin panel and steal the authentication cookie.
The Splunk Enterprise application is affected by a server-side request forgery vulnerability. This vulnerability can be exploited by an attacker via social engineering or other vectors to exfiltrate authentication tokens for the Splunk REST API to an external domain. A server-side request forgery (SSRF) vulnerability exists in the Splunk Enterprise web management interface within the Alert functionality. The application parses user-supplied data in the GET parameter ‘alerts_id’ to construct an HTTP request to the splunkd daemon listening on TCP port 8089. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. The issue is aggravated by the fact that the application includes the REST API token for the currently authenticated user within the Authorization request header.
In Roundcube 1.2.2 and earlier, user-controlled input flows unsanitized into the fifth argument of a call to PHP's built-in function mail(), which is documented as security critical. The problem is that invoking the mail() function causes PHP to execute the sendmail program. The fifth argument allows additional arguments to be passed to this execution, which makes it possible to configure sendmail. Since sendmail offers the -X option to log all mail traffic to a file, an attacker can abuse this option and spawn a malicious PHP file in the webroot directory of the attacked server.