If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer, causing an ASAN crash.
In the method RtpFrameReferenceFinder::ManageFrameVp9, tl0_pic_idx is extracted from the incoming packet, and if it is higher than any picture id that exists in gof_info_, the entire vector will be erased, and info will be used in the call FrameReceivedVp9 even though it has been freed.
A buffer overflow vulnerability exists in NICO-FTP 3.0.1.19, which could allow an attacker to execute arbitrary code on the target system. The vulnerability is due to a boundary error when handling user-supplied input. An attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable application. This may allow the attacker to execute arbitrary code on the system with the privileges of the vulnerable application.
This bug was found in the file /localize-my-post/ajax/include.php: include($_REQUEST['file']); The parameter "file" is not sanitized, allowing local files to be included. To exploit the vulnerability, it is only necessary to use version 1.0 of the HTTP protocol to interact with the application.
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).
It is possible to exploit a race condition in the CiSetFileCache kernel function by calling NtSetCachedSigningLevel. It is possible to create an image section with a writable (and executable) handle to the file and no part of CI then checks whether the caller has write access. To exploit this, the section signing level of the current process must be elevated using SetProcessMitigationPolicy or just running in a WDAC/CIG process. Then, a valid signed file must be copied to a known name and a writable and executable handle must be opened to that file. An oplock must be set on a known catalog file which will be checked, and NtCreateSection must be called with the handle requesting SEC_IMAGE. After waiting for the oplock to fire, the file must be rewritten with an untrusted image and NtCreateSection must be called again with the same handle. This will cause the kernel to cache the signature of the untrusted image, bypassing the signature checks.
This plugin allows scheduling of automated autoresponder messages and newsletters, and managing a mailing list. There is an exploitable blind SQL injection vulnerability via the del_ids parameter in a POST request. Nine Reflected XSS vulnerabilities exist in lines 22-23, 28, 29, 30, 31, 32, 33, 34, and 35 of controllers/list.php and bft_list.html.php respectively.
A vulnerability exists in the String.prototype.localeCompare method of JavaScript, which can be exploited to execute arbitrary JavaScript code. This is possible due to the fact that the JavaScript version of the method does not update ImplicitCallFlags, allowing malicious code to be executed without touching the flag. The vulnerability can be exploited by overriding the toString method of the first parameter to the localeCompare method, which will execute the malicious code.
The FTP service is vulnerable to a Denial of Service attack. Attackers simply need to log into the router and send any valid FTP command with a character offset of 1461 as the command input.
Joomla Component JCK Editor 6.4.4 is vulnerable to a 'parent' SQL Injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted payload to the 'parent' parameter of the links.php page. The payload is 'UNION SELECT NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL -- aa'. This will allow the attacker to execute arbitrary SQL queries on the vulnerable system.