SNScan v1.05 crashes with a buffer overflow when an overly long string is entered into the Hostname/IP field. An attacker can use this to crash the application, denying service to its users.
Setting an alarm containing 5000 "0" characters in the Clock app causes watchOS (with iOS 9.0.1) to crash when the alarm rings.
The attached file causes a use-after-free when the stage setter is called. The PoC is most reliable in Firefox on 64-bit Windows.
There is a use-after-free that appears to be related to rendering the display based on multiple scripts. A PoC is attached, tested on Windows only. Note that the PoC is somewhat unreliable in some browsers: it sometimes needs to render in the foreground for a minute or two before crashing. The unreliability lies in whether the freed object is reallocated with a value that causes the crash, not in the underlying bug itself (a debug build of Flash crashes immediately). With enough effort, an attacker could likely trigger the issue immediately.
When you install TrendMicro Antivirus on Windows, a component called Password Manager is installed by default and launched automatically on startup. This product is written primarily in JavaScript on node.js and opens multiple HTTP RPC ports for handling API requests. It took about 30 seconds to spot one that permits arbitrary command execution, openUrlInDefaultBrowser, which eventually maps to ShellExecute(). This means any website can launch arbitrary commands, like this: x = new XMLHttpRequest(); x.open('GET', 'https://localhost:49155/api/openUrlInDefaultBrowser?url=c:/windows/system32/calc.exe', true); try { x.send(); } catch (e) {}; The request is cross-origin, so the browser will not let the page read the response, but the request itself is still sent and the local server acts on it; the try/catch merely swallows the resulting error.
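As an added example (not Trend Micro's code; the endpoint shape, the query parameter and the trusted-origin value are assumptions for illustration), the following Node.js snippet contrasts the behaviour described above, where the url parameter is handed straight to ShellExecute(), with a handler that refuses cross-origin callers and allows only http(s) targets. It returns decisions instead of launching anything, so it runs offline.

```javascript
// Added example, not Trend Micro's code: hardening a local "open URL in the
// default browser" RPC so it cannot be turned into ShellExecute(<anything>).
// The query shape and TRUSTED_ORIGIN are assumptions for illustration.

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// The vulnerable behaviour: whatever arrives in ?url= is what gets launched.
// Modelled as a pure function that returns what *would* be executed, so the
// example launches nothing.
function vulnerableOpenUrl(query) {
  return new URLSearchParams(query).get('url');
}

// Hardened check: the target must parse as an absolute URL with an http(s)
// scheme and a non-empty host. "c:/windows/system32/calc.exe" parses with
// scheme "c:", "file:///..." with "file:", and "calc.exe" does not parse at
// all; every one of those is rejected.
function isSafeBrowserUrl(raw) {
  let parsed;
  try {
    parsed = new URL(raw);
  } catch (e) {
    return false;
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) && parsed.hostname !== '';
}

// Placeholder for the origin of the product's own UI (assumption). A
// cross-site XMLHttpRequest carries the attacker's page as its Origin header
// and is refused before the URL is even looked at.
const TRUSTED_ORIGIN = 'https://localhost:49155';

// Hardened handler: returns a decision object instead of calling ShellExecute.
function hardenedOpenUrl(query, originHeader) {
  if (originHeader !== TRUSTED_ORIGIN) {
    return { status: 403, launch: null };
  }
  const target = new URLSearchParams(query).get('url');
  if (target === null || !isSafeBrowserUrl(target)) {
    return { status: 400, launch: null };
  }
  return { status: 200, launch: target };
}

// Constructed sample requests: the one from the advisory and a benign one.
const ATTACK_QUERY = 'url=c:/windows/system32/calc.exe';
const BENIGN_QUERY = 'url=https://example.com/help';

console.log('vulnerable would launch:', vulnerableOpenUrl(ATTACK_QUERY));
console.log('hardened, cross-origin:', hardenedOpenUrl(ATTACK_QUERY, 'https://attacker.example'));
console.log('hardened, trusted origin, bad scheme:', hardenedOpenUrl(ATTACK_QUERY, TRUSTED_ORIGIN));
console.log('hardened, trusted origin, benign:', hardenedOpenUrl(BENIGN_QUERY, TRUSTED_ORIGIN));
```

The two checks are independent: the scheme allowlist closes the ShellExecute() path even for a caller that is otherwise trusted, while the origin check stops arbitrary websites from driving the local RPC at all. A per-session token handed to the legitimate UI would serve the same purpose as the origin comparison.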
A user with backup privileges can trivially compromise an Amanda client installation. The setuid-root "runtar" binary does not check for additional arguments supplied after --create, so such a user can manipulate the resulting command and achieve command injection as root. Tested against Amanda 3.3.1.
KeePass Password Safe Classic 1.29 contains a buffer overflow caused by improper bounds checking: the length of user-supplied data is not validated before it is copied into a fixed-length buffer. An attacker who supplies a specially crafted file to the application can cause a denial of service or execute arbitrary code in the context of the application.
The 'wps_usermeta_shortcodes.php' file does not sanitize one of its parameters, leading to persistent XSS. The edit-profile page lacks CSRF protection, which allows an attacker to change the victim's password and take over the account.
RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device.
The XStream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the input stream processed when unmarshaling XML or any other supported format. This allows an attacker to obtain sensitive information, modify data, and/or gain full control over the compromised system without supplying any credentials.