
Explore Vulnerabilities


Explore all Exploits:

Use-After-Free Vulnerability in Wireshark

A use-after-free vulnerability was discovered in Wireshark, which is a free and open-source packet analyzer. The vulnerability can be triggered by feeding a malformed file to tshark. It is caused by a heap-use-after-free condition, which can be observed in an ASAN build of Wireshark. The vulnerability can be exploited to cause a crash.

Unauthenticated Remote Command Execution in Centreon Web Interface

A critical vulnerability has been found in the Centreon logging class allowing remote users to execute arbitrary commands. Centreon logs SQL database errors in a log file using the "echo" system command and the exec() PHP function. In the authentication class, Centreon uses htmlentities with the ENT_QUOTES option to filter SQL entities. However, Centreon doesn't filter the SQL escape character "\", so it is possible to generate an SQL error. Because of the use of the "echo" system command with the PHP exec() function

Multiple CSRF in Zimbra Mail interface

Multiple CSRF vulnerabilities have been found in the Mail interface of Zimbra 8.0.9 GA Release, making it possible to change account preferences such as e-mail forwarding. Forms in the preferences part of old releases of Zimbra are vulnerable to CSRF because they lack a CSRF token identifying a valid session. As a consequence, requests can be forged and played arbitrarily.

Proxmox VE 3/4 Insecure Hostname Checking (Remote Root Exploit, XSS, Privileges escalation)

A critical vulnerability has been found in Proxmox VE 3 (OpenVZ) and Proxmox VE 4 beta 1 (LXC) in the virtual machine creation form, allowing authenticated remote users to overwrite configuration file settings. Because the Proxmox VE application doesn't check the user-provided "hostname" POST parameter, it's possible to overwrite configuration files using a CRLF injection. In Proxmox VE 3, we successfully gained access to the host filesystem from a container and elevated our container capabilities, allowing us to obtain user credentials and sniff the network. In Proxmox VE 4b1, because LXC allows "hooks" to execute commands, we successfully gained root privileges on the host. It's also possible to exploit Proxmox clusters.

Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities

Infor CRM suffers from multiple stored cross-site scripting vulnerabilities. Input passed to several POST/PUT parameters in JSON format is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

IBM Lotus Domino <= R8 Password Hash Extraction Exploit

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is the default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).

Heap-Based Out-of-Bounds Memory Read in Libxml2

The vulnerability is a heap-based out-of-bounds memory read in libxml2, which is a library providing support to read, modify and write XML and HTML files. The vulnerability can be triggered by feeding a malformed file to xmllint. The crash due to the vulnerability can be observed in an ASAN build of the latest stable libxml2 (2.9.3, released 4 days ago).

SQL Injection in Thru Managed File Transfer Portal

An SQL injection vulnerability was identified in one of the GET requests, namely the request that causes contact data to be sorted. At least the attribute values of sortorder and letterrange are not correctly sanitized and can therefore be abused to inject arbitrary SQL statements.

Recent Exploits: