Explore Vulnerabilities

Explore all Exploits:

Msvod v10 has a CSRF vulnerability to change user information

Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI. A malicious website can be created with a form that contains hidden inputs for username, nickname, email, tel, password, out_time, money, is_permanent, status, and id. When the form is submitted, the user's information is changed.

LabF nfsAxe 3.7 Ping Client – Buffer Overflow (Vanilla)

A buffer overflow vulnerability exists in LabF nfsAxe 3.7 Ping Client. An attacker can exploit this vulnerability by creating a malicious payload of 220 bytes and pasting it into the 'Host IP' field of the application. This leads to the execution of arbitrary code on the vulnerable system.

Google Chrome 73.0.3683.103 V8 JavaScript Engine – Out-of-memory in invalid table size. Denial of Service (PoC)

Fatal JavaScript OOM in invalid table size. The vulnerability is caused by a combination of the Array constructor and the reduce() method of the Array prototype. The Array constructor is used to create an array of length 60000, and the reduce() method is used to iterate over the array. The vulnerability can be triggered by calling the Object.getOwnPropertyDescriptors() method with the array as an argument.

Contact Form Builder [CSRF → LFI]

The plugin implements the following AJAX actions:

- `ContactFormMakerPreview`
- `ContactFormmakerwdcaptcha`
- `nopriv_ContactFormmakerwdcaptcha`
- `CFMShortcode`

All of them call the function `contact_form_maker_ajax`. This function dynamically loads a file defined in `$_GET['action']`, or in `$_POST['action']` if the former is not defined. Because of the way WordPress defines the AJAX action, a user could define the plugin action in `$_GET['action']` and the AJAX action in `$_POST['action']`. Leveraging that, and the fact that no sanitization is performed on `$_GET['action']`, a malicious actor can perform a CSRF attack to load a file using directory traversal, leading to a Local File Inclusion vulnerability.

QNAP myQNAPcloud Connect “Username/Password” DOS

A buffer overflow vulnerability exists in QNAP myQNAPcloud Connect versions 1.3.4.0317 and below. An attacker can generate a qnap.txt file containing 1000 A characters and copy the contents of qnap.txt to the clipboard. When the contents are pasted in any username/password field (Add or Edit VPN) and the OK button is clicked, the program crashes.

XXE in Oracle Business Intelligence and XML Publisher

An XXE vulnerability exists in Oracle Business Intelligence and XML Publisher, versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0. An attacker can send a specially crafted XML request to the ReportTemplateService.xls endpoint to exploit this vulnerability. This can allow an attacker to read arbitrary files on the server.

LibreOffice Macro Code Execution

LibreOffice comes bundled with sample macros written in Python and allows program events to be bound to them. A macro can be tied to a program event by including the script that contains the macro and the function name to be executed. Additionally, a directory traversal vulnerability exists in the component that references the Python script to be executed. This allows a program event to execute functions from Python scripts relative to the path of the sample macros folder. The pydoc.py script included with LibreOffice contains the tempfilepager function that passes arguments to os.system, allowing RCE. This module generates an ODT file with a mouse-over event that, when triggered, will execute arbitrary code.

Recent Exploits: