smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the 'uncommented' default configuration. The issue exists because of an incorrect return value upon failure of input validation.
A buffer overflow vulnerability exists in Wedding Slideshow Studio 1.36 when a long string is entered into the 'Registration Name' field. An attacker can exploit this vulnerability by running a Python exploit script which will create a new file with the name 'name.txt'. The attacker can then copy the text inside 'name.txt' and paste it into the 'Registration Name' field. This will cause a buffer overflow and allow the attacker to execute arbitrary code on the vulnerable system.
Disk Savvy Enterprise 12.3.18 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system. The vulnerability exists because the Disk Savvy Enterprise service is installed with an unquoted service path. An attacker can exploit this vulnerability by placing malicious files in the same directory as the service executable. When the service is started, the malicious files will be executed with elevated privileges.
Disk Sorter Enterprise 12.4.16 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system by exploiting the service path. The service path is not properly quoted, allowing an attacker to inject malicious code into the service path. This can be exploited by an attacker to gain elevated privileges on the system.
An unquoted service path vulnerability exists in Sync Breeze Enterprise 12.4.18. An attacker can exploit this vulnerability to gain elevated privileges on the system. The vulnerability is due to the Sync Breeze Enterprise service not being properly quoted. An attacker can exploit this vulnerability by placing malicious files in the same directory as the Sync Breeze Enterprise service executable. When the service is started, the malicious files will be executed with SYSTEM privileges.
A vulnerability exists in FreeSSHd 1.3.1 where the 'FreeSSHDService' service path is not quoted, allowing an attacker to gain elevated privileges on the system. This can be exploited by a local attacker to gain SYSTEM privileges.
A vulnerability exists in freeFTPd v1.0.13 where the 'freeFTPdService' service is installed with an unquoted service path. This can be exploited by a local attacker to gain elevated privileges on the system.
A stored XSS was found in Vanillaforum 2.6.3. An attacker inserts a payload in the branding section. Whenever a user opens the branding section, the attacker automatically gets all sensitive information of the user.
In the CHIYU BF430 web page, a user can modify the system configuration by accessing /if.cgi. Attackers can inject malicious XSS code in the "TF_submask" field. The XSS code is stored in the database, which causes a stored XSS vulnerability.
The IOAccelKernelCommand contains an 8-byte header consisting of a command type and size, followed by structured data specific to the type of command. When verifying that the size of the IOAccelKernelCommand has enough data for the specific command type, it appears that the check excludes the size of the 8-byte header, meaning that processSegmentKernelCommand() will parse up to 8 bytes of out-of-bounds data. This makes it possible to overwrite the first 1-8 bytes of the subsequent page of memory with timestamp data.
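The size check described above can be modelled in a few lines of C. This is an added example, not code from the affected driver: the two 32-bit header fields, the 16-byte body size, the convention that the size field counts header plus body, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_SIZE  8u   /* from the description: 8-byte header (type + size) */
#define BODY_SIZE 16u  /* assumed body size for one hypothetical command type */

/* Assumed layout: two 32-bit fields; size counts header plus body. */
struct cmd_header { uint32_t type; uint32_t size; };

/* Returns -1 if the command is rejected, otherwise the number of body bytes
 * a handler would touch beyond the command's declared end (0 means safe).
 * fixed == 0 models the check that leaves the header out of the comparison. */
long overrun_if_accepted(const uint8_t *seg, size_t seg_len, size_t off, int fixed)
{
    struct cmd_header h;
    if (off > seg_len || seg_len - off < HDR_SIZE)
        return -1;                          /* header itself must fit */
    memcpy(&h, seg + off, sizeof h);
    if (h.size > seg_len - off)
        return -1;                          /* command must lie inside the segment */
    size_t required = fixed ? HDR_SIZE + BODY_SIZE : BODY_SIZE;
    if (h.size < required)
        return -1;                          /* the per-type size check */
    size_t touched = HDR_SIZE + BODY_SIZE;  /* what the handler actually parses */
    return touched > h.size ? (long)(touched - h.size) : 0;
}

/* Builds a constructed segment that ends exactly at the declared size. */
long check_size(uint32_t declared, int fixed)
{
    uint8_t seg[64] = {0};
    struct cmd_header h = { 1u, declared };
    if (declared > sizeof seg)
        return -1;
    memcpy(seg, &h, sizeof h);
    return overrun_if_accepted(seg, declared, 0, fixed);
}

int main(void)
{
    /* Declared sizes 16..23 pass the flawed check and overrun by 8..1 bytes. */
    for (uint32_t s = 14; s <= 25; s++)
        printf("size=%2u flawed=%2ld fixed=%2ld\n",
               (unsigned)s, check_size(s, 0), check_size(s, 1));
    return 0;
}
```

Under these assumptions the flawed comparison accepts exactly the declared sizes that leave 1 to 8 body bytes past the end of the command, which matches the range given in the description; adding the header size to the required length rejects all of them.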