Carel pCOWeb devices store passwords in plaintext, which may allow sensitive information to be read by anyone with access to the device. To exploit this vulnerability, an attacker browses to the user-maintenance page at http://<Your Modem IP>/config/pw_changeusers.html, which displays each user's Description, Username and Password.
In the AUO Solar Data Recorder web interface, a user can modify the system settings by accessing /protect/config.htm. An attacker can inject script into the 'addr' parameter of the POST data; because the value of addr is stored in the database and later rendered back into the page, this results in a stored XSS vulnerability.
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field. The search string is reflected without escaping single quotes or semicolons, so the payload ';alert('XSS');' terminates the surrounding string literal and injects a JavaScript statement. Payload: ';alert('XSS');' Attack vector: http://site.com/SearchN.do?searchString=';alert('XSS');'
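The two XSS entries above (the stored 'addr' value in the AUO Solar Data Recorder and the reflected searchString in ServiceDesk Plus) differ in the context the untrusted value lands in, and that decides which encoding neutralises it. The following is an added example, not code from either product: the templates are hypothetical stand-ins for the vulnerable pages, the 'addr' sample input is constructed, and the ';alert('XSS');' payload is the one quoted above. The runReflected helper evaluates the emitted script with alert bound to a recorder so the break-out can be observed offline.

```javascript
// Added example; the templates are hypothetical and do not reproduce the
// products' real code. The payload is the one given in the ServiceDesk entry.
const PAYLOAD = "';alert('XSS');'";

// Unsafe JS-context reflection: the search string is spliced into a
// single-quoted literal. The payload closes the literal, runs alert(), and
// re-opens a literal so the script still parses.
function unsafeJsTemplate(searchString) {
  return "var searchString = '" + searchString + "';";
}

// Safe JS-context reflection: JSON.stringify yields a valid JS string literal
// with quotes, backslashes and control characters escaped. '<' and '>' are
// additionally escaped so a "</script>" inside the value cannot terminate the
// enclosing script block, and U+2028/U+2029 so they cannot break the literal.
function safeJsTemplate(searchString) {
  const literal = JSON.stringify(String(searchString))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
  return "var searchString = " + literal + ";";
}

// Unsafe HTML-context rendering: the stored 'addr' value is echoed as-is,
// which is the stored-XSS pattern described for the AUO device.
function unsafeHtmlTemplate(addr) {
  return "<td>" + addr + "</td>";
}

// Safe HTML-context rendering: entity-encode the five significant characters.
function htmlEscape(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
  })[c]);
}
function safeHtmlTemplate(addr) {
  return "<td>" + htmlEscape(addr) + "</td>";
}

// Test harness for the JS-context case: run the emitted script with `alert`
// bound to a recorder and return the list of messages it was called with.
// An empty list means the reflected value stayed inside the string literal.
function runReflected(js) {
  const calls = [];
  new Function("alert", js)((msg) => calls.push(String(msg)));
  return calls;
}

// Constructed 'addr' sample for the HTML-context case.
const ADDR_SAMPLE = '<img src=x onerror="alert(1)">';

console.log("unsafe JS :", runReflected(unsafeJsTemplate(PAYLOAD)));   // [ 'XSS' ]
console.log("safe JS   :", runReflected(safeJsTemplate(PAYLOAD)));     // []
console.log("unsafe HTML:", unsafeHtmlTemplate(ADDR_SAMPLE));
console.log("safe HTML  :", safeHtmlTemplate(ADDR_SAMPLE));
```

The point the example makes is that a single generic "sanitiser" is not enough: HTML entity encoding would not have stopped the ServiceDesk payload (it contains no HTML metacharacters), and JavaScript string escaping would not make the 'addr' value safe inside a table cell. Encode for the exact context the value is written into.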
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privilege level (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= URL.
A denial of service vulnerability exists in BlueStacks 4.80.0.1060 due to a buffer overflow when a large amount of data is copied to the clipboard. An attacker can create a file containing a large amount of data and copy its contents to the clipboard, causing the application to crash.
The in6_pcbdetach function in the kernel frees the options referenced by the in6p_outputopts field but does not clear the field afterwards, leaving a dangling pointer and a use-after-free. A local user with root privileges can exploit this to cause a kernel panic.
The stf interface ioctls are handled by the stf_ioctl function. The crash occurs when a `struct ifreq` is read into kernel memory and then cast to the incorrect `struct ifaddr` type. I suspect this ioctl is not intended to be reachable by the user, but it is unintentionally exposed without the necessary translation from `ifreq` to `ifaddr`, such as the one performed in `inctl_ifaddr`.
The DFG JIT compiler attempts to determine whether a DFG IR operation can trigger garbage collection (GC) during its execution. If that analysis is wrong and a GC does occur mid-operation, the emitted code can cause use-after-free conditions: for example, if an unmarked (white) object is stored as a property of an object that was already marked (black) during the unexpected GC, the white object is never marked and is freed while still referenced. This vulnerability was found through fuzzing and then simplified; it triggers an assertion in JSC debug builds.
The exploit uses hardcoded, undocumented credentials for JBoss JMX to execute arbitrary commands on the system.
While fuzzing JavaScriptCore, a crashing input was encountered that crashes jsc from current HEAD (git commit 3c46422e45fef2de6ff13b66cd45705d63859555) in both debug and release builds. The crash appears to be an out-of-bounds read. In the relevant DFG IR, the CreateActivation instruction allocates a LexicalEnvironment object on the heap to hold the closure's local variables, and NewArrayBuffer allocates backing memory for an array. A subtraction is (incorrectly?) speculated not to overflow and is therefore replaced by ArithSub, an instruction that performs an integer subtraction and bails out if an overflow occurs. The object allocation sinking phase then runs and determines that the created activation object does not leave the current scope and thus does not have to be allocated at all.