OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. This vulnerability is a Cross-Site Scripting (XSS) vulnerability which is a type of injection attack. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. This vulnerability is a combination of reflected and stored XSS. Reflected XSS is a type of XSS attack where the malicious script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request. Stored XSS is a type of XSS attack where the malicious script is stored on the web server, such as in a database, and is later served to users when they request the tainted web page. This vulnerability affects OPNsense version 19.1.
Webiness Inventory 2.3 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'email' parameter in the POST request. This can be exploited to bypass authentication and gain access to the application.
A Stored Cross Site Scripting vulnerability is found in the 'Package Name' Field within the 'Add a Package (add_package)' module. This is because the application does not properly sanitize the users input.
VA MAX 8.3.4 is vulnerable to a post-authentication remote code execution vulnerability. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable application. This payload will be executed on the server, allowing the attacker to gain access to the system. The vulnerability is caused by the application not properly validating user input.
Adds bans.php page, showing a list of banned users and the reason of ban. Any forum user that's a mod can ban users and input a payload into the ban reason which gets executed on the bans.php page.
River Past Video Cleaner is vulnerable to a buffer overflow vulnerability when a maliciously crafted input is supplied to the Lame_enc.dll field in the File-Options menu. This can be exploited to execute arbitrary code by overwriting the SEH handler with a pointer to the malicious code.
This exploit is based on LiquidWorm's and Yakir Wizman's proof of concepts. It uses winappdbg to search for the process AvastUI.exe and then searches for the strings 'email' and 'password' in the memory. If found, it prints the credentials.
IPFire is a Linux distribution that focusses on easy setup, good handling and high level of security. It is operated via an intuitive web-based interface which offers many configuration options for beginning and experienced system administrators. IPFire is maintained by developers who are concerned about security and who update the product regularly to keep it secure. IPFire ships with a custom package manager called Pakfire and the system can be expanded with various add-ons. This vulnerability is a Cross-Site Scripting (XSS) vulnerability which allows an attacker to inject malicious JavaScript code into the web application. The vulnerability exists in five different parameters, four of which are reflected XSS and one is stored XSS.
A denial of service vulnerability exists in NordVPN 6.19.6 due to a buffer overflow when copying a large amount of data to the 'E-mail' field. An attacker can exploit this vulnerability by creating a file containing a large amount of data and copying it to the 'E-mail' field, resulting in a denial of service condition.
This module exploits a type confusion on Adobe Flash Player, which was originally found being successfully exploited in the wild. This module has been tested successfully on: macOS Sierra 10.12.3, Safari and Adobe Flash Player 21.0.0.182, Firefox and Adobe Flash Player 21.0.0.182.
Services By CQR