
Explore Vulnerabilities


Explore all Exploits:

Installer – capturing rollback scripts – patch bypass #2

This exploit targets a race condition in the installer that bypasses the earlier patch: an attacker sets a junction after the installer's check has passed but before it writes the DACL, then triggers the rollback by pressing the cancel button. The exploit is complicated to reproduce; it requires the attacker to run polarbear.exe, open a cmd prompt and run an installer, and apply a filter in procmon.exe.

Object Lifetime Issue in iPhone IMAP Client

Visual Voicemail (VVM) is a feature of mobile devices that allows voicemail to be read in an email-like format. Carriers set up a Visual Voicemail server that supports IMAP, and the device queries this server for new messages. Visual Voicemail is configured over SMS: carriers inform devices of the location of the IMAP server by sending a specially formatted SMS message containing the URL of the IMAP server. SMS messages are identified as VVM-related based on their PID field as well as their contents. Both of these fields can be set by the device sending the SMS, so any device can send a message that causes Visual Voicemail to query an IMAP server specified in the message. This means an attacker can force a device to query an IMAP server they control without the user interacting with the device in any way. There is an object lifetime issue in the iPhone IMAP client that is reachable in this way. It occurs when a NAMESPACE command response contains a namespace that cannot be parsed correctly: the mailbox separator is freed but not replaced with a valid object, so a selector is later called on an object that is no longer valid.

Terminal Services Manager 3.2.1 – Local Buffer Overflow Denial of Service

Terminal Services Manager 3.2.1 is vulnerable to a local buffer overflow denial of service attack. By creating a malicious file containing a large number of 'A' characters and pasting the contents of the file into the 'Computer name or IP address' field, an attacker can cause a denial of service condition.

NetAware 1.20 – ‘Add Block’ Denial of Service (PoC)

NetAware 1.20 is vulnerable to a denial of service attack when a maliciously crafted string is pasted into the 'Add a website or keyword to be filtered...' field in the 'User Blocking' section of the 'Settings' menu. When the 'Remove' button is clicked, the application crashes.

TapinRadio 2.11.6 – ‘Username’ Denial of Service (PoC)

TapinRadio 2.11.6 is vulnerable to a denial of service attack when a maliciously crafted username is provided. By providing a username of 10000 'A' characters, the application will crash when the user attempts to set the application proxy.

TapinRadio 2.11.6 – ‘Address’ Denial of Service (PoC)

TapinRadio 2.11.6 is vulnerable to a denial of service attack when a maliciously crafted 'Address' field is supplied. An attacker can trigger this vulnerability by running a Python script to generate a maliciously crafted 'Address' value, copying the content to the clipboard, opening TapinRadio, selecting 'Settings' > 'Preferences' > 'Miscellaneous', selecting 'Set Application Proxy...', pasting the clipboard contents into the 'Address' field, typing '444' in the 'Port' field, 'test' in the 'Username' field and '1234' in the 'Password' field, and then selecting 'OK' twice, at which point the application crashes.
