Due to improper user input management low privilege users are able to create a persistent Cross-Site scripting attack via the phone book function. The PoC involves sending a POST request with malicious JavaScript code to the router. The response will contain the malicious code, which will be executed in the browser.
A Cross-Site Scripting (XSS) vulnerability was discovered in Cybrotech CyBroHttpServer 1.0.3. An attacker can send a malicious request containing a script to the vulnerable server, which will be executed in the victim's browser. This can be used to steal cookies, hijack sessions, and perform other malicious activities.
Quizlord is prone to Stored Cross Site Scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability by injecting malicious JavaScript code in the 'title' parameter of the 'ql_insert' action. The malicious code will be executed when a user visits the page containing the shortcode [quizlord id='#'].
Being local to the network and having only 'User' account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain 'Admin' rights due to the admin password being displayed in XML.
A buffer overflow vulnerability exists in Nord VPN version <= 6.14.31 which allows an attacker to cause a denial of service condition by running a python exploit code and copying the content of the generated file into the password field of the Nord VPN application.
NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 is vulnerable to a denial of service attack when a maliciously crafted username is provided. This can be exploited by an attacker to crash the application.
A denial of service vulnerability exists in Trillian 6.1 Build 16 when a maliciously crafted username is used in the 'Sign In' process. An attacker can exploit this vulnerability by running the python code 'trillian.py', copying the context of 'trillian.txt' to the clipboard, pasting the clipboard on the 'Username' field, entering '1234' on the 'Password' field, and then clicking 'Sign In'. This will cause the application to crash.
A buffer overflow vulnerability exists in Easy PhotoResQ 1.0, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error when handling a specially crafted file. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted file. Successful exploitation of this vulnerability may allow an attacker to cause a DoS.
A buffer overflow vulnerability exists in HD Tune Pro 5.70, which could allow an attacker to cause a denial of service condition. The vulnerability is triggered when an attacker supplies a specially crafted file to the application, which is then loaded into memory. This could result in a crash of the application, leading to a denial of service condition.
The vulnerability exists due to a boundary error when processing user-supplied data, which can be exploited to cause a denial of service. An attacker can send a specially crafted request to trigger this vulnerability and crash the application.
Services By CQR