A Denial of Service vulnerability exists in FutureDj Pro version 1.7.2.0 32-bit. An attacker can exploit this vulnerability by running a Python script to create a file (EVIL.txt) containing 5000 bytes of 'A' characters, copying the content of the file to the clipboard, opening the FutureDj Pro application, clicking start Free Trial and then 'Click here to Buy', and then 'i already bought it', pasting the content of EVIL.txt into the 'Unlock key' Name field, clicking 'OK', clicking 'OK' and clicking 'Exit'. This will cause the application to crash.
This exploit allows an attacker to send a large number of requests to the AirDroid server, resulting in a denial of service (DoS) and system crash, followed by a forced reboot.
A vulnerability in Coship Wireless Routers allows an unauthenticated attacker to reset the password of the Wireless SSID to 'password'. This is done by sending a POST request to the router's gateway address with the parameters specified in the exploit code. The affected versions are Coship RT3052 - 4.0.0.48, Coship RT3050 - 4.0.0.40, Coship WM3300 - 5.0.0.54, Coship WM3300 - 5.0.0.55, Coship RT7620 - 10.0.0.49.
IP-Tools 2.5 is vulnerable to a local buffer overflow when maliciously crafted input is sent to the 'From Addr' field in the SNMP Scanner. This can be exploited to execute arbitrary code by overwriting the EIP offset with a malicious payload. The malicious payload can be sent to the 'Log to file' field in the Logging tab of the Host Monitor option. This will allow an attacker to gain a bind shell on port 4444.
Smoothwall Open Source Project was set up in 2000 to develop and maintain Smoothwall Express - a Free firewall that includes its own security-hardened GNU/Linux operating system and an easy-to-use web interface. The vulnerability is a Cross-Site Scripting (XSS) vulnerability which can be exploited by sending malicious payloads to the vulnerable parameters. The payloads are stored in the database and can be triggered when the vulnerable parameters are accessed.
Due to precision errors, Skia generated a concave RRect, but declared it convex. Later, the RRect was transformed with an affine transform and used as a clipping region for drawing. Because the convex path filling algorithm was used while the path was actually concave, this broke some assumptions and led to a stack out-of-bounds write.
By injecting an XML payload into the body of a request to the REST API provided by the application, an attacker could execute arbitrary commands on the remote system.
The devolo firmware has what seem to be 'hidden' services, which can be enabled by an authenticated attacker via the htmlmgr CGI script. This allows the attacker to start services that are deprecated or discontinued and achieve remote arbitrary code execution with root privileges.
Device Monitoring Studio 8.10.00.8925 is vulnerable to a denial of service attack when a maliciously crafted string is sent to the application. This can be done by running a Python script, copying the content of a text file to the clipboard, and then pasting it into the application. This will cause the application to crash.
The N100 compact color IP camera suffers from an authenticated file disclosure vulnerability. Input passed via the 'READ.filePath' parameter in the fileread script is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via an absolute path or via the SendCGICMD API.