Multiple Remote Code Execution vulnerabilities were found in NTOP-BOX Appliance. These vulnerabilities can be exploited by sending specially crafted POST and GET requests to the vulnerable application. The issues were found originally in nbox 2.3 and confirmed in nbox 2.5.
Multiple vulnerabilities have been discovered in NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS Surveillance application. NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. NVRsolo is NUUO’s answer to hassle free, lightweight NVR system. NUUO Crystal™ is the product that represents the next stage in VMS evolution. NETGEAR combines leading storage and backup solutions with the industry’s most comprehensive surveillance solution. ReadyNAS Surveillance is the only surveillance solution that is integrated with ReadyNAS storage systems.
This issue was uncovered with AFL (http://lcamtuf.coredump.cx/afl/). The attached sample evokes a divide-by-zero error in the dissect_pbb_tlvblock() function at packet-packetbb.c:289. The variable of interest seems to be 'c' which is set at packet-packetbb.c:285 using two other variables and an addition. When c is zero, the expression 'length/c' at packet-packetbb.c:289 results in a divide-by-zero error. Divide-by-zero has been observed when sample is parsed by tshark versions 1.12.8, 1.12.9, 1.12.10, 1.12.12, and 2.0.4 among others.
A buffer overflow vulnerability exists in GIOP capture version 2.0.3. A specially crafted packet can cause a buffer overflow, resulting in a denial of service or potentially allowing arbitrary code execution.
This infinite loop is caused by an offset of 0 being returned by wkh_content_disposition(). This offset of 0 prevents the while loop using "offset < tvb_len" from returning and results in an infinite loop.
A single UDP packet on tshark 2.0.2 and a recent build from repository can cause a memory leak of more than 4GB.
Open Upload Application is vulnerable to CSRF attack (No CSRF token in place) meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering). Once exploited, the attacker can login as the admin using the username and the password he posted in the form.
Haliburton LogView Pro v9.7.5 is vulnerable to a SEH overwrite vulnerability. By opening a specially crafted cgm/tif/tiff/tifh file, the program will crash and the SEH handler can be overwritten. The SEH chain of the main thread contains a corrupt entry at address 0012D8CC.
It was discovered that the ALO EasyMail Newsletter WordPress Plugin is vulnerable to Cross-Site Request Forgery. Amongst others, this issue can be used to add/import arbitrary subscribers. In order to exploit this issue, the attacker has to lure/force a victim into opening a malicious website/link.
A stored Cross-Site Scripting vulnerability was found in the WP Live Chat Support WordPress Plugin. This issue can be exploited by an unauthenticated user. It allows an attacker to perform a wide variety of actions, such as stealing users' session tokens, or performing arbitrary actions on their behalf.
Services By CQR