AcSELerator Architect is prone to a denial-of-service (DoS) vulnerability. An attacker may exploit this issue to cause CPU exhaustion, resulting in application rendered non-responsive (AppHangB1 event).
Axessh 4.2 is vulnerable to a denial of service attack when a maliciously crafted string is supplied as the 'Log file name' parameter. This causes the application to crash when the 'OK' button is clicked.
ZOC Terminal v7.23.4 is vulnerable to a denial of service attack when a maliciously crafted file is opened in the 'Shell' field of the Program Settings menu. An attacker can exploit this vulnerability by running a python code to generate a malicious file, opening the malicious file in the 'Shell' field of the Program Settings menu, and then selecting the 'Command Shell' option in the View menu. This will cause the application to crash.
ZOC Terminal v7.23.4 is vulnerable to a denial of service attack when a maliciously crafted 'Private key file' is used. This can be exploited by a remote attacker to crash the application. To exploit this vulnerability, an attacker must run a python code to create a maliciously crafted 'Private key file', open the file in ZOC Terminal, select the 'Private key file' field, erase the content and paste the clipboard. Then, the attacker must click on 'Create public/private key files...' to crash the application.
ZOC Terminal v7.23.4 is vulnerable to a denial of service attack when a specially crafted .zrx file is opened. The vulnerability is triggered when the user opens a malicious .zrx file, which contains a large amount of 'A' characters, resulting in a crash of the application.
A buffer overflow vulnerability exists in JetAudio jetCast Server 2.0 when a specially crafted payload is sent to the 'Log Directory' field. This can lead to arbitrary code execution. The vulnerability is caused by a lack of proper bounds checking when handling user-supplied input.
vcodec2_hls_filter in libvoipCodec_v7a.so in WeChat application for Android results in a DoS by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file.
DeepSound is a music sharing script vulnerable to SQL Injection. The vulnerability exists in the 'search_keyword' and 'description' parameters of the application. Attackers can exploit this vulnerability by sending malicious payloads to the application. An example payload for the 'search_keyword' parameter is '%27 aNd 9521793=9521793 aNd %276199%27=%276199' and for the 'description' parameter is '%27) aNd if(length(0x454d49524f474c55)>1,sleep(3),0) --%20'. This can allow attackers to execute arbitrary SQL commands on the underlying database.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
We have discovered a unauthenticated SQL injection vulnerability in CommSy <= 8.6.5 that makes it possible to read all database content. The vulnerability exists in the HTTP GET parameter 'cid'.
Services By CQR