This vulnerability allows an attacker to delete an admin user from the OOP CMS BLOG 1.0 application. The attacker can craft a malicious HTML page containing a form with a 'Delete' button. When the admin user visits the malicious page, the form will be automatically submitted and the admin user will be deleted from the application.
Multiple files in OOP CMS BLOG 1.0 are vulnerable to SQL Injection. These files include search.php, post.php, posts.php, page.php, viewUser.php, and replayMsg.php. All of these files are vulnerable to SQL Injection when an attacker supplies a malicious value for the *id parameter.
A command injection vulnerability was discovered in elFinder <= 2.1.47. This vulnerability allows an attacker to execute arbitrary commands on the server. The vulnerability is caused by the lack of input validation in the PHP connector. An attacker can exploit this vulnerability by sending a specially crafted request to the server.
There is a use-after-free vulnerability in the implementation of the FileWriter component of the mojo bindings for the filesystem API. The browser-process side of this API is defined in a URL and the method of interest is the Write method, which takes a parameter of type blink.mojom.Blob. The implementation of this method binds a callback object to base::Unretained(this). The implementation of GetBlobDataFromBlobPtr calls the GetInternalUUID mojo interface method. If the renderer, instead of providing a handle to a browser-process-hosted Blob object, provides a handle to a renderer-hosted Blob implementation, then during the call to GetInternalUUID, the renderer-hosted Blob object will be freed, and the callback will be invoked with a dangling pointer.
In RenderProcessHostImpl, a unique_ptr owning a P2PSocketDispatcherHost is bound to an interface using base::Unretained. However, in handling the OnRendererIsBloated event, the RenderProcessHostImpl might be reinitialised without destroying it, causing the P2PSocketDispatcherHost to be freed immediately without waiting for the IO threads to be joined. This results in a use-after-free of the P2PSocketDispatcherHost object.
The PaymentRequest object contains a std::unique_ptr to a PaymentRequestSpec, which is initialised during the call to PaymentRequest::Init. If we call PaymentRequest::Show on an initialised PaymentRequest, then we will pass this PaymentRequestSpec pointer to a new PaymentRequestSheetController. It will be stored as a raw pointer there with the comment '// All these are not owned. Will outlive this.'. This comment, however, is incorrect, and there is no guarantee that the spec_ pointer will still be valid when the PaymentRequestSheetController later uses it. If the client makes a second call to PaymentRequest::Init, then the spec_ object will be freed immediately. Note that the same appears to be true of the state_ object, which is also passed in to the PaymentRequestSheetController.
TransMac 12.3 is vulnerable to a denial of service attack when a maliciously crafted 'Volume name' is used. An attacker can create a file containing 1000 'A' characters, copy the content of the file to the clipboard, open TransMac.exe, go to File > New Disk Image, paste the clipboard into the 'Volume name' field, click the 'Ok' button, and save the new disk with any name, e.g. 'exploit.dmg'; the application will then crash.
J2Store is the most popular shopping/e-commerce extension for Joomla!. The SQL Injection found allows any visitor to run arbitrary queries on the website.
This exploit allows an attacker to cause a denial of service (DoS) on a vulnerable FTP Server 1.32 by sending a large number of FIN and RST packets to the target. The exploit uses iptables to drop the packets and a Python script to send them.
A Cross-Site Request Forgery (CSRF) vulnerability exists in Simple Online Hotel Reservation System, which allows an attacker to delete an admin account by sending a malicious request. An attacker can craft a malicious HTML page containing a form with the action attribute set to delete_account.php?admin_id=1, which when visited by an authenticated admin, will delete the admin account.