
Explore Vulnerabilities

Explore all Exploits:

SQL Injection in Yeswiki (Cercopitheque)

An SQL injection vulnerability exists in Yeswiki Cercopitheque 2018-06-19-1, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in a 'BaZar&vue=exporter' URL. An example of exploitation is http://localhost/[PATH]/?BaZar&vue=exporter&id=-1 UNION SELECT 1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15#

LanSpy 2.0.1.159 – Local Buffer Overflow RCE (PoC)

LanSpy 2.0.1.159 contains a local buffer overflow that an attacker can exploit to execute arbitrary code on the target system. The flaw is caused by insufficient boundary checks when processing user-supplied input. An attacker exploits it by crafting a malicious file and delivering it to the target system; when the file is opened, the attacker's code runs on that system.

Exploiting CVE-2016-4486

CVE-2016-4486 leaks 32 bits of arbitrary kernel memory from an uninitialized stack. This exploit recovers 61 bits of the 64-bit kernel stack base address; the remaining 3 bits are not leaked because of a limitation of eBPF. The exploit proceeds in three steps: 1) spray the kernel stack with kernel stack addresses by running an eBPF program; 2) trigger CVE-2016-4486 to leak 4 bytes, the low half of a stack address; 3) leak the high 4 bytes of the stack address by performing an operation on the high 4 bytes with a carefully selected value that changes the low 4 bytes.

MegaPing

MegaPing contains a local buffer overflow that results in a Denial of Service (DoS). An attacker triggers it by running a Python script that generates EVIL.txt, copying the content of EVIL.txt to the clipboard, opening MegaPing, pasting the content into the 'Destination Address List' field, and clicking 'Start'. This causes the application to crash.

Excel Password Recovery Professional

A buffer overflow vulnerability exists in Excel Password Recovery Professional 8.2.0.0 when a maliciously crafted input is processed. An attacker can exploit this vulnerability to cause a denial of service condition. To exploit this vulnerability, an attacker must first create a maliciously crafted input, copy it to the clipboard, and then paste it into the 'E-Mail and Registrations Code' field of the application. When the 'Register' button is clicked, a denial of service condition will occur.

AnyBurn

AnyBurn contains a local buffer overflow that results in a Denial of Service (DoS). The flaw is caused by a lack of proper validation of user-supplied input when creating an image file. An attacker triggers it by creating a malicious file containing a large amount of data and copying its content to the clipboard. When the user attempts to create an image file using the 'Copy disk to Image' option in AnyBurn and pastes the malicious data into the 'Image file name' field, the application crashes.

Out-of-Bounds Write Vulnerability in jscript.dll

There is an out-of-bounds write vulnerability in jscript.dll in the JsArrayFunctionHeapSort function. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over a local network. The vulnerability occurs when sorting an array with a provided comparison function. One of the function's arguments is the number of elements in the input array/object. The function allocates a temporary array of this size, copies all properties of the input array/object into it (those whose property name is numeric and smaller than the "length" property of the input object), and proceeds to sort the temporary array. Normally, the allocated array is sufficient to store all the properties to be sorted. However, in the case of the attached PoC, where the prototype of the sorted object is the arguments object, the elements of the arguments object are not taken into account when the number of elements is calculated, which leads to an overflow.
