
Explore Vulnerabilities

Explore all Exploits:

JavaScriptCore Crash

A JavaScript program found by Fuzzilli, and slightly modified, crashes JavaScriptCore built from HEAD and the current stable release (/System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc). The program creates an object with a setter and then assigns a non-getter/setter object to the length property of the object. This causes an out-of-bounds read when the program attempts to access the length property of the object.

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 – Denial of Service

A denial of service vulnerability exists in WMV to AVI MPEG DVD WMV Convertor 4.6.1217 when a maliciously crafted 'License Name and License Code' is entered into the application. An attacker can exploit this vulnerability by running Python code to create a file containing 6000 bytes of 'A' characters, copying the content of the file to the clipboard, and then pasting it into the 'License Name and License Code' field. This will cause the application to crash.

Citrix StoreFront Server 7.15 – XML External Entity Injection

A vulnerability in Citrix StoreFront Server 7.15 allows an attacker to inject malicious XML code into the application, which can be used to perform an XML External Entity (XXE) attack. This attack can be used to gain access to sensitive information stored on the server, such as passwords, configuration files, and other sensitive data. The vulnerability affects Citrix StoreFront Server versions earlier than 1903, Citrix StoreFront Server 7.15 LTSR earlier than CU4 (3.12.4000), and Citrix StoreFront Server 7.6 LTSR earlier than CU8 (3.0.8000).

Microsoft Windows Server 2012 – ‘Group Policy’ Remote Code Execution

While multiple advisories for the vulnerability and video demos of successful exploitation exist, there is no public exploit code for MS15-011 (CVE-2015-0008). This exploit code targets vulnerable systems in order to modify registry keys to disable SMB signing, achieve SYSTEM-level remote code execution (AppInit_DLL), and achieve user-level remote code execution (Run Keys).

WordPress 5.2.4 – Cross-Origin Resource Sharing

The web application fails to properly validate the Origin header and returns the header Access-Control-Allow-Credentials: true. In this configuration any website can issue requests made with user credentials and read the responses to these requests. Trusting arbitrary origins effectively disables the same-origin policy, allowing two-way interaction by third-party web sites.

Intelligent Security System SecurOS Enterprise 10.2 – ‘SecurosCtrlService’ Unquoted Service Path

The application suffers from an unquoted search path issue impacting the service 'SecurosCtrlService'. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path, undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot.

rConfig 3.9.2 – Remote Code Execution

rConfig is a web-based network device configuration management application. A vulnerability in rConfig 3.9.2 allows an unauthenticated attacker to execute arbitrary code on the target system. This is due to the lack of input validation in the 'rootUname' parameter of the 'ajaxServerSettingsChk.php' script, which is accessible through the '/install/lib/ajaxHandlers/' directory. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious code to the vulnerable server. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.

HTMLFrameElementBase.cpp & NodeRareData.h & Page.h Vulnerability

The vulnerability exists in the HTMLFrameElementBase.cpp, NodeRareData.h, and Page.h files. It is an integer overflow in the m_connectedFrameCount member of the NodeRareData class, which is used to store the number of child frames currently attached to the subtree. This can allow an attacker to bypass the Page::maxNumberOfFrames limit, which is set to 1000, and cause a denial of service.

delpino73 Blue-Smiley-Organizer 1.32 – ‘datetime’ SQL Injection

Multiple SQL Injection vulnerabilities exist in delpino73 Blue-Smiley-Organizer 1.32. An attacker can exploit these vulnerabilities to inject malicious SQL commands into the application which can be used to access, modify or delete data from the database. The first vulnerability is a boolean-based blind SQL injection which can be exploited by sending a specially crafted payload to the 'datetime' parameter. The second vulnerability is a time-based blind SQL injection which can be exploited by sending a specially crafted payload to the 'datetime' parameter. An attacker can also exploit this vulnerability to pop a PHP command shell by sending a specially crafted payload to the 'datetime' parameter.

Recent Exploits: