FileOptimizer 14.00.2524 is vulnerable to a denial of service attack. An attacker can create a malicious configuration file with a large buffer of characters, which when opened by the application will cause it to crash. This can be done by replacing the “TempDirectory” variable in the “FileOptimizer32.ini” file with a large buffer of characters.
rimbalinux AhadPOS 1.11 is vulnerable to SQL injection. This vulnerability can be exploited by malicious users to disclose sensitive information from the application, modify data, and potentially compromise the application and all its users. Two types of SQL injection are demonstrated in the PoC: time-based and boolean-based blind SQL injection. The payloads for each type are provided in the text.
A Persistent Cross-Site Scripting (XSS) vulnerability exists in thrsrossi Millhouse-Project 1.414. An attacker can send a malicious payload to the 'content' parameter of the add_comment_sql.php script, which is then stored in the database and executed when the page is loaded. This can allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser.
Blue Stacks is an application which allows to run mobile apps on Windows and Mac. The service BstHdLogRotatorSvc is use to allow HD displays of Blue Stacks app. The service suffers from an unquoted path.
This module exploits the trusted `$PATH` environment variable of the SUID binary `omniresolve` in Micro Focus (HPE) Data Protector A.10.40 and prior. The `omniresolve` executable calls the `oracleasm` binary using a relative path and the trusted environment `$PATH`, which allows an attacker to execute a custom binary with `root` privileges.
A buffer overflow vulnerability exists in Aida64 6.10.5200 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. The vulnerability is triggered when a user pastes a specially crafted payload from aida64.txt into the Logging -> Log sensor readings to CSV log file option in the application. This will cause a buffer overflow and overwrite the SEH handler.
A vulnerability in Apache Solr 8.2.0 allows remote code execution via a specially crafted Velocity template. The vulnerability is due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server. Successful exploitation of this vulnerability could result in arbitrary code execution on the vulnerable server.
ownCloud 10.3.0 stable is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this vulnerability by sending a malicious request to the server, which can be used to create or delete folders. The malicious request can be sent via an HTML page or an XMLHttpRequest.
A SQL injection vulnerability was discovered in Wordpress Plugin Google Review Slider 6.1. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database.
MikroTik RouterOS before 6.45.7 (stable) and 6.44.6 (Long-term) allowed an unauthenticated remote user trigger DNS requests to a user specified DNS server via port 8291 (winbox). The DNS response then gets cached by RouterOS, setting up a perfect situation for unauthenticated DNS cache poisoning.
Services By CQR