VeryPDF PCL Converter v2.7 is vulnerable to a denial of service attack when a maliciously crafted file is used as input. An attacker can exploit this vulnerability by running the Python script 'PCLConverter.py', which will create a new file 'PCLConverter.txt'. The attacker then needs to copy the text from the generated PCLConverter.txt file to the clipboard, open VeryPDF PCL Converter v2.7, go to 'Setting' > 'PDF Security', mark 'Encrypt PDF File', paste the clipboard contents into the 'User Password' or 'Master Password' field and click 'OK'. Finally, the attacker needs to click on 'Add File(s)', select a PCL file, e.g. 'sample.pcl', and click on 'Start', which will cause a crash.
Encrypt PDF v2.3 is vulnerable to a denial of service attack when a maliciously crafted file is imported. The attack can be triggered by copying a string of 1000 'A' characters to the clipboard and pasting it into the 'User Password' or 'Master Password' fields in the 'Settings' menu. When a PDF file is imported, the application will crash.
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
eSpace Meeting conference whiteboard functionality is vulnerable to a buffer overflow issue when inserting known image file formats. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
eSpace suffers from a DLL Hijacking issue. The vulnerability is caused by the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.html, .jpg, .png) located on a remote WebDAV or SMB share.
Interspire Email Marketer 6.20 is vulnerable to Remote Code Execution via file upload. An attacker can upload a malicious file to the server and execute arbitrary code. This vulnerability is due to insufficient validation of uploaded files in the surveys_submit.php file.
Iperius Backup Service must run as Local System or a system administrator. By default, file permissions allow low-privilege users to create and run backup jobs and to edit existing jobs. An option when creating a backup job is to run a program before or after the backup job. The backup job runs as the user of the running service, so the program requested to run before or after a backup job runs as that same user. A low-privilege user could abuse this and escalate their privileges to either Local System or an administrator account.
The vulnerability exists due to a boundary error when processing a specially crafted .jpg file. A remote attacker can create a specially crafted .jpg file, trick the victim into importing it, and execute arbitrary code on the system. This can result in a denial of service condition.
The vulnerability exists due to a boundary error when processing user-supplied input. A remote attacker can create a specially crafted file, trick the victim into opening it, and execute arbitrary code on the system. This can be exploited to cause a DoS (Denial of Service) condition.
This exploit is a proof of concept for a denial of service vulnerability in Sandboxie 5.30. The exploit creates a file containing 5000 'A' characters. Pasting these characters into the 'Select or enter a program' field of the 'Configure > Programs Alerts' menu of Sandboxie Control causes the application to crash.