Cross site request forgery vulnerability in Jenkins 1.626 allows remote attackers to hjiack the authentication of users for most request. Using CSRF it is able to change specific settings or even execute code on os as shown in the examples.
Wordpress Responsive Thumbnail Slider Plugin is a with 6000+ active install and suffer from a file upload vulnerability allow attacker upload shell as a image. Authors, editors and of course administrators this vulnerability to harm website. For exploiting this vulnerability, go to add image section and upload file by self plugin uploader then upload file with double extension image and by using a BurpSuite or Tamper Data change the file name from Shell.php.jpg to Shell.php and shell is uploaded.
A remote denial of service vulnerability has been discovered in the official Photo Transfer 2 - v1.0 iOS mobile web-application. The issue allows local attackers to crash or shutdown the software client by usage of special crafted payloads. The vulnerability is located in the id value restriction of show module path context. Remote attacker can easily crash the application remotly by including wrong and large id context in integer format.
A registered or non-registered user can create a calendar event including malicious JavaScript code who will be permanently stored in the pages source.
BSIGN v0.4.5 and prior is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker could exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
FENIX v0.92 and prior is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker could exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Xion Audio Player build 155 is vulnerable to a stack based buffer overflow when a malformed MP3 file is dragged into the application. The crash can be reproduced by replacing the details of the legit MP3 file with large number of 'A's or any other random value.
FHFS is a FTP and HTTP Web Server package, transparently based on HFS and FileZilla. A vulnerability exists in FHFS version 2.1.2 which allows an attacker to execute arbitrary commands on the server by sending a specially crafted HTTP request. This can be exploited by sending a GET request with a specially crafted parameter to the vulnerable server.
Magento shoplift bug originally discovered by CheckPoint team (http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/). This python script developed by joren but it was having some bug because of which it was not working properly. If magento version is vulnerable, this script will create admin account with username forme and password forme.
VLC media player 2.2.1 is vulnerable to a stack overflow vulnerability when processing specially crafted m3u8/m3u files. This can be exploited by an attacker to cause a denial of service condition or potentially execute arbitrary code.
Services By CQR