A vulnerability in the STIX module of MISP (Malware Information Sharing Platform) allows an attacker to execute arbitrary SQL commands via command injection. This exploit uses a payload as a STIX filename, which is then encoded and passed to the vulnerable application. The payload contains a set of commands that are used to extract the database credentials from the database.php file, and then use them to execute the arbitrary SQL command. The exploit also uses Python to decode the payload and then execute it.
qdPM is a free web-based project management tool suitable for a small team working on multiple projects. An XSS vulnerability exists in qdPM 9.1, which allows an attacker to inject malicious JavaScript code into the 'search[keywords]' parameter of the 'index.php/users' page. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
qdPM is a free web-based project management tool suitable for a small team working on multiple projects. It is vulnerable to Cross-Site Scripting (XSS) attacks when the 'type' parameter is manipulated. An attacker can inject malicious JavaScript code into the 'type' parameter, which will be executed in the victim's browser when the vulnerable page is accessed.
mIRC has been shown to be vulnerable to argument injection through its associated URI protocol handlers that improperly escape their parameters. Using available command-line parameters, an attacker is able to load a remote configuration file and to automatically run arbitrary code. Because mIRC doesn't use any kind of sigil such as -- to mark the end of the argument list, an attacker is able to pass arguments to mIRC through an irc:// link and execute arbitrary code by loading a custom mirc.ini from an attacker-controlled Samba file server. Please note that ircs:// works the same way.
RealTerm: Serial Terminal 2.0.0.70 is vulnerable to a buffer overflow in the 'Echo Port' tab. By sending a specially crafted payload of 268 bytes, an attacker can overwrite the SEH handler and cause a crash. The PoC creates a file 'EchoPort.txt' containing the payload, which can then be pasted into the 'Port' field of the 'Echo Port' tab. When the 'Change' button is clicked, the application will crash.
UniSharp Laravel File Manager allows arbitrary file upload if the type parameter is set to Files: /laravel-filemanager?type=Files
The code in kvm_ioctl_create_device() creates a device that holds a reference to the VM object (with a borrowed reference, the VM's refcount has not been bumped yet). After step 3, an attacker can close the file descriptor and drop the borrowed reference, which can cause the refcount of the kvm object to drop to zero.
A vulnerability in ApowerManager - Phone Manager version 3.1.7 and earlier allows an attacker to cause a denial of service (DoS) or application crash by sending a crafted request to the application. The vulnerability exists due to insufficient validation of user-supplied input when processing requests to the application. An attacker can send a malicious request to the application to trigger this vulnerability.
LayerBB is free, open-source forum software. A CSRF vulnerability allows creating an admin user.
MediaMonkey 4.1.23 is vulnerable to a denial of service attack when a specially crafted MP3 file is opened. The vulnerability is triggered when a user opens a specially crafted MP3 file with a long URL. This causes the application to crash.