Explore Vulnerabilities

Explore all Exploits:

Skype Empresarial Office 365 16.0.10730.20053 – ‘Dirección de inicio de sesión’ Denial of Service (PoC)

A denial of service vulnerability exists in Skype Empresarial Office 365 16.0.10730.20053 when a maliciously crafted 'Dirección de inicio de sesión' is used. An attacker can exploit this vulnerability to cause a denial of service condition. This is done by running Python code to generate a maliciously crafted 'Dirección de inicio de sesión' value and copying the content to the clipboard. The attacker then pastes the clipboard into 'Dirección de inicio de sesión' and attempts to log in. This causes the application to crash.

Fathom 2.4 – Denial Of Service (PoC)

A buffer overflow vulnerability exists in Fathom 2.4 which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error when handling authorization codes. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted authorization code. Successful exploitation of this vulnerability may allow an attacker to cause a DoS.

Episerver 7 patch 4 – XML External Entity Injection

Episerver 7 patch 4 and below is vulnerable to XML External Entity Injection. The exploit starts a listening web server, so it needs a public IP and an unfiltered port. The malicious DTD file, which contains the EXFIL_FILE and RHOST, is sent to the target. The exploit then sends a POST request with an XML payload containing the malicious DTD file. The target then sends the exfiltrated data to the web server, which prints it out.

phpMyAdmin 4.7.x – Cross-Site Request Forgery

If a victim DB admin has an active session with phpMyAdmin < 4.7.7, hitting this URL will result in DROP_TABLE: https://example.com/phpMyAdmin/sql.php?db=DATABASE_NAME&goto=db_structure.php&table=wp_users&reload=1&purge=1&sql_query=DROP+TABLE+%60wp_users%60&message_to_show=Table+wp_users+has+been+dropped. Exploit CSRF - Modifying the password of current user; Exploit CSRF - Arbitrary File Write; Exploit CSRF - Data Retrieval over DNS; Exploit CSRF - Empty All Rows From All Tables.

Eaton Xpert Meter 13.4.0.10 – SSH Private Key Disclosure

Eaton Power Xpert Meters are used across industries for energy management, monitoring circuit loading, and identifying power quality problems. Meters running firmware 12.x.x.x or below version 13.3.x.x and below ship with a public/private key pair on Power Xpert Meter hardware that allows passwordless authentication to any other affected Power Xpert Meter. The vendor recommends updating to version 13.4.0.10 or above. As the key is easily retrievable, an attacker can use it to gain unauthorized remote access as uid 0.

Immunity Debugger 1.85 – Denial of Service (PoC)

A buffer overflow vulnerability exists in Immunity Debugger 1.85, which could allow an attacker to cause a denial of service condition. An attacker can leverage this vulnerability by creating a malicious file with a large number of 'A' characters and then opening the file in Immunity Debugger. This will cause the application to crash.

Instagram App 41.1788.50991.0 – Denial of Service (PoC)

Run the Python exploit script; it will create a new file named 'Instagram.txt'. Copy the text inside 'Instagram.txt' and start the Instagram app in Microsoft Windows 10. In the new window, click 'Sign Up With Phone Or Email' and select the Email tab. Now paste the content of 'Instagram.txt' into the 'Email Address' field. Click 'Next' and you will see a [ Boom !!!! ]: the Instagram app in Microsoft Windows 10 crashes.

Recent Exploits: