A path traversal vulnerability exists within the 'File Manager' functionality of LimeSurvey that allows an attacker to download arbitrary files. The file manager functionality will also delete the file after it is downloaded (if the web service account has permissions to do so), allowing an attacker to cause a denial of service by specifying a critical LimeSurvey configuration file.
An authenticated remote code execution vulnerability exists in Bolt CMS 3.7.0 and 6.x versions. An attacker can exploit this vulnerability by sending a malicious request with valid credentials to execute arbitrary code on the vulnerable system. This vulnerability has not yet been assigned a CVE.
WhatsApp Desktop version 0.3.9308 is vulnerable to Persistent Cross-Site Scripting. An attacker can exploit this vulnerability by sending a malicious payload to the victim via WhatsApp Web. The payload is executed when the victim clicks on the message. The payload can be used to read the content of the 'hosts' file.
A local denial of service vulnerability exists in ZOC Terminal v7.25.5 due to improper validation of user-supplied input. An attacker can exploit this vulnerability by running a specially crafted python code, copying the content of the generated file to clipboard, opening ZOC Terminal, selecting File > Create SSH Key Files..., selecting the 'Private key file:' field, erasing it and pasting the clipboard content, and clicking on 'Create public/private key files...' to crash the application.
UltraVNC Viewer 1.2.4.0 is vulnerable to a denial of service attack when a maliciously crafted 'VNCServer' value is supplied. This can be exploited by an attacker to crash the application.
UltraVNC Launcher 1.2.4.0 is prone to a denial-of-service vulnerability when a maliciously crafted 'Password' is supplied. An attacker can exploit this vulnerability to crash the application, denying service to legitimate users.
A stored cross-site scripting vulnerability exists within the 'Survey Groups' functionality of the LimeSurvey administration panel. The vulnerable parameter is 'title'.
UltraVNC Launcher 1.2.4.0 is prone to a denial-of-service vulnerability. An attacker can exploit this issue by supplying a specially crafted input to the 'RepeaterHost' field, which will cause the application to crash. This may allow the attacker to deny service to legitimate users.
A denial of service vulnerability exists in Frigate 3.36 when a maliciously crafted input is sent to the 'Computer Name' field. An attacker can leverage this vulnerability to crash the application.
Nsauditor Network Security Auditor is a powerful network security tool designed to scan networks and hosts for vulnerabilities, and to provide security alerts. An attacker can exploit this vulnerability by running the python script, creating a new file 'POC.txt', running Nsauditor, pasting the content of POC.txt into the Field: 'Name' and clicking 'ok', resulting in a denial of service.
Services By CQR