A denial of service vulnerability exists in SpotIM 2.2 when a maliciously crafted Name/Key field is entered into the registration code dialog. This can be exploited by an attacker to crash the application.
The 'UnshortenLink_1_0' analyzer used by Cortex contains an SSRF vulnerability. To exploit this vulnerability, a user must create a new analysis, select Data Type 'URL', and put an SSRF payload in the Data parameter. The result can be seen in the main dashboard.
Victor Mondragón discovered a Denial of Service vulnerability in jetCast Server 2.0. The vulnerability is triggered when a maliciously crafted file is opened in the application. The application crashes when the file is opened, resulting in a denial of service.
A denial of service vulnerability exists in jetAudio 8.1.7 when a maliciously crafted file is used as input. An attacker can leverage this vulnerability to crash the application. To exploit this vulnerability, an attacker must create a file with 512 'A' characters, copy the contents of the file to the clipboard, open JetVidCnv.exe or Video Converter, click on the 'Add Files...' button and select a video file, paste the clipboard in the field 'File Naming' and click on the 'Preview' button, which will cause the application to crash.
A denial of service vulnerability exists in Lyric Maker 2.0.1.0 due to a buffer overflow when copying a large amount of data to the 'Title' field. An attacker can exploit this vulnerability by running a Python script to generate a text file with a large amount of data, copying the data to the clipboard, pasting it into the 'Title' field, and then saving the file. This will cause the application to crash.
When a specially crafted .mp3 file is opened in Lyric Video Creator 2.1, a denial of service condition occurs. This is caused by a buffer overflow error when the application attempts to read the file.
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has multiple XSS vulnerabilities. They can be exploited by sending malicious payloads to the Employee search form, the Employee Search 'ascending' parameter, and the EmpSearch.cc 'searchString' parameter; there is also a stored XSS in the self-update layout implementation.
A Path Traversal issue was discovered in the Web GUI of NetNumber Titan 7.9.1. When an authenticated user attempts to download a trace file (through drp) by using a ../../ technique, arbitrary files can be downloaded from the server. Since the webserver is running with elevated privileges, it is possible to download arbitrary files. The HTTP request can be executed by any (even low privileged) user, so the authorization mechanism can be bypassed.
jetAudio 8.1.7.20702 is vulnerable to a denial of service attack when a maliciously crafted file is opened via the 'Open URL...' option in the 'Basic Controls' menu. An attacker can exploit this vulnerability by running Python code to create a malicious file, copying the content of the file to the clipboard, and then pasting it into the 'Enter URL' field in the 'Open URL...' option. This will cause the application to crash.
A buffer overflow vulnerability exists in the IMAP Server Lotus Domino 8.5.3 FP0 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request containing an overly long string of data, which can cause a stack-based buffer overflow. This can allow the attacker to execute arbitrary code in the context of the application.