TaskCanvas 1.4.0 is vulnerable to a denial of service attack when a malicious user sends a large number of characters in the 'Registration' field. This causes the application to crash.
Backup Key Recovery 2.2.5 is vulnerable to a denial of service attack when a malicious user sends a large number of characters in the 'Name' field. This causes the application to crash.
A stack-based buffer overflow vulnerability exists in Allok Video Converter 4.6.1217. Copying the contents of poc.txt into the License Name input field triggers the overflow, allowing the attacker to execute arbitrary code.
When the contents of poc.txt are copied and pasted into the User Name / Registration Code input fields, the application crashes due to a buffer overflow.
SpotOutlook 1.2.6 is vulnerable to a denial of service attack when a malicious user sends a large amount of data to the 'Name' field. When the data is pasted into the 'Name' field and the 'Ok' button is clicked, the application will crash.
Advanced System Repair Pro 1.9.1.7 is vulnerable to insecure file permissions. An attacker can exploit this vulnerability by compiling malicious C code, renaming the original 'AdvancedSystemRepairPro.exe' to '~AdvancedSystemRepairPro.exe', and placing the compiled malicious code in the Advanced System Repair Pro 1.9.1.7.0 directory. When a more privileged user connects and uses the AdvancedSystemRepairPro IDE, the attacker can escalate privileges.
SpotDialup is vulnerable to a denial of service attack when a malicious user sends an overly long string to the 'Name' field. This causes the application to crash.
Chevereto is vulnerable to Remote Code Execution due to an injection in the 'db_table_prefix' parameter. An attacker can inject malicious code into the 'db_table_prefix' parameter and execute arbitrary code on the server. This exploit has been tested on Ubuntu 19.10, PHP 7.3, Apache/2.4.41.
This exploit is used to execute arbitrary commands on vulnerable Citrix Application Delivery Controller and Citrix Gateway devices. It works by sending a malicious HTTP request to the vulnerable device, which then executes the command and stores the output in an XML file. The output can then be retrieved by sending another HTTP request to the vulnerable device.
PixelStor 5000 is vulnerable to Remote Code Execution. An attacker can exploit this vulnerability by sending a maliciously crafted POST request to the languageOptions.php page. This will allow the attacker to execute arbitrary commands on the vulnerable system.