The printer runs a webserver to provide various printing tasks from java enabled browsers. Input is being filtered for bad characters. However, it is vulnerable to a long URL request. This will either reboot or crash the device. On crash, the 'system' LED on the printer changes from green to orange. No further printing is done until somebody resets the printer by flipping the power switch. E675 error is displayed in the printer display. On reboot, printing resumes after the device has completed its reboot cycle.
Fenice is an open source media streaming server. A buffer overflow vulnerability exists in the server due to improper bounds checking of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system with the privileges of the user running the application.
A handling issue exists in how Firefox handles certain Javascript in js320.dll and xpcom_core.dll regarding iframe.contentWindow.focus(). By manipulating this feature a buffer overflow will occur.
A vulnerabilitiy exists in Safari 2.0.3 (417.9.2) and perhaps in prior versions which causes the operating system to slow down SRCOD (Spinning Rainbow Cursor Of Death), and therefore, it's not possible to launch any applications like Terminal to kill the process. After several minutes Safari crashes.
This module exploits a vulnerability in Real Networks Acrade Game's ActiveX control. The 'exec' function found in InstallerDlg.dll (v2.6.0.445) allows remote attackers to run arbitrary commands on the victim machine.
tmux 1.3/1.4 contains a privilege escalation vulnerabillity, which gives you utmp group privileges. This bug is important, because it is possible to clean logfiles and use logcleaners for btmp, wtmp and lastlog without local root access.
First you must be logged in. Then type this in your browser: http://www.site.com/path/member.asp?id=-1%20UNION%20SELECT%201,memName,3,4,5,6,7,8,9,10,11,memPassword,13,14,15,16%20FROM%20member+where+memID=1. You will find admin's password.
This exploit allows an attacker to inject malicious SQL code into the 'id' parameter of the 'showprofile.php' page of FlexBB. By sending a specially crafted HTTP request, an attacker can gain access to the username and password of the user.
When a web page contains a <TABLE> tag with a COLSPEC attribute set to a long string, Safari will crash when the page is loaded. This is due to a buffer overflow in the WebCore library. The vulnerability can be triggered by setting the CELLSPACING attribute to a long string.
A local file inclusion vulnerability in OpenEMR 4.0.0 can be exploited to include arbitrary files. An attacker can exploit this vulnerability by sending a POST request with a maliciously crafted payload to the express.php script.
Services By CQR