The plugin was originally named 'Q and A FAQ' and developed by the Raygun company; it later evolved and was renamed 'Q and A Focus Plus FAQ' by Lanexatek Creations. Full Path Disclosure vulnerabilities exist in multiple files of the plugin. SQL Injection vulnerabilities exist in two places; the hdnParentID parameter is vulnerable. Payload: 0 AND (SELECT * FROM (SELECT(SLEEP(5)))zeCb)
QuickBooks company files are SQL Anywhere database files, and other QB formats are based on SQL Anywhere features as well. SQL code (Watcom SQL) is an important part of the QB workflow; it is arguably more powerful than VBA in MS Access or Excel, and at the same time it is completely hidden and starts automatically with every opened file. Functions like xp_write_file and xp_cmdshell are included by default, allowing 'rootkit' installation in just three lines of code: get data from a table -> xp_write_file -> xp_cmdshell. A procedure in one database can be used to insert code into another, either directly or using the current user's credentials. Moreover, the real database content is hidden from QuickBooks users, so there is virtually unlimited storage for code, stolen data, etc. QBX (accountant's transfer copies) and QBM (portable company files) are even easier to modify, and they are meant to be sent to an outside accountant for processing during the normal workflow. QBX and QBM are compressed SQL dumps, so modifying the SQL is only as hard as replacing the zlib-compressed 'reload.sql' file inside the compound file. In all cases QuickBooks does not attempt (and has no way) to verify the SQL scripts, and it starts them automatically with 'DBA' privileges.
The installer of FileZilla for Windows version 3.17.0.0, and probably prior versions, is prone to an unquoted path vulnerability. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
A buffer overflow vulnerability exists in the Hostname/IP field of CIScan v1.00, which allows an attacker to overwrite the SEH frame and execute arbitrary code. The vulnerability is caused by the lack of proper validation of user-supplied input when handling the Hostname/IP field. An attacker can exploit this vulnerability by supplying malicious input to the Hostname/IP field, which overwrites the SEH frame and leads to arbitrary code execution.
This is a proof of concept for the CVE-2016-0801 bug. The program proceeds as follows: a new WPS Probe Response packet is generated. The device_name field of this packet is filled with a string longer than one hundred characters. This packet is broadcast on the network (the interface needs to be in monitor mode for this to work). At this point the device picking up this packet, identified by its MAC address (DESTINATION_MAC), should have crashed.
By tampering with the flowset_length parameter within an IPFIX packet, an attacker can trigger a denial of service condition within nfcapd. Line 931 in file ipfix.c decrements the size_left value by 4, and by triggering a condition where the initial value is less than 4, e.g. 1 as in the below POC, an integer underflow occurs. This wraps the size_left value (indicating the remaining packet payload to be processed) to 4294967293, resulting in nfcapd continuously processing the heap-based buffer allocated for the input packet (allocated at line 381 of nfcapd.c) until it eventually hits invalid memory and crashes with a segmentation fault. By submitting an IPFIX packet with a flowset_length value of 0, an attacker can trigger a denial of service condition within nfcapd. Line 931 in file ipfix.c decrements the size_left value by 4, and by triggering a condition where the initial value is 0, an integer underflow occurs. This wraps the size_left value (indicating the remaining packet payload to be processed) to 4294967295, resulting in nfcapd continuously processing the heap-based buffer allocated for the input packet (allocated at line 381 of nfcapd.c) until it eventually hits invalid memory and crashes with a segmentation fault. By submitting a NetFlow v9 packet with a flowset_length value of 0, an attacker can trigger a denial of service condition within nfcapd.
A memory corruption occurs when Adobe Reader DC handles a specially crafted image XObject, which could lead to remote code execution.
JVC Hard Disk Recorders are prone to XSS and HTTP header injection. The trigger URL is http://xxx.xxx.xxx.xxx/api/param?video.input(01).comment&video.input(02).comment&video.input(03).comment&video.input(04).comment&video.input(05).comment&video.input(06).comment&video.input(07).comment&video.input(08).comment&video.input(09).comment and the payload used is <img src=a onerror=alert("0rwelll4bs")>. The affected script/path is /api/param? and the affected parameters are video.input(01).comment, video.input(02).comment, video.input(03).comment, video.input(04).comment, video.input(05).comment, video.input(06).comment, video.input(07).comment, video.input(08).comment and video.input(09).comment.
This exploit allows for a post-authentication DoS. The server does not do proper bounds checking on server responses. In this case, the long 'MODE set to ...' reply invoked by a long TYPE command causes a heap overflow and crashes the server process.
A buffer overflow vulnerability exists in Ipswitch WS_FTP LE 12.3 when a specially crafted file is used in the Local Search option of the Tools menu. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.