WordPress Export Users to CSV plugin versions 1.1.1 and earlier are affected by Remote Code Execution through a CSV injection vulnerability. This allows an application user to inject commands into the fields of his profile; these commands are executed when a user with greater privilege exports the data as CSV and opens that file on his machine.
getImageData() in ImageBufferCairo.cpp multiplies rect.width() * rect.height() * 4 without any overflow checks. If the result is larger than UINT_MAX, a heap-based buffer overflow via integer overflow will occur, which could be exploited further. Works on WebKitGTK+ <2.20.3 and WPE WebKit <2.20.1.
A buffer overflow vulnerability exists in ObserverIP Scan Tool 1.4.0.1, which could allow an attacker to cause a denial of service condition. The vulnerability is due to insufficient boundary checks when handling user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted payload to the vulnerable application. This will cause the application to crash.
An attacker can exploit a vulnerability in TP-Link WR840N 0.9.1 3.16 by connecting to the network, opening BurpSuite and intercepting the connection, and then pasting a string consisting of 2000 zeros. This will cause the router to log out and the network connection to be lost.
In OpenEmr, a user who has access to the portal can send a malicious POST request to read/write arbitrary files. Vulnerable code and a proof of concept are provided in the text.
In ASUS-DSL N10 C1 modem Firmware Version 1.1.2.2_17, the POST data contains a login_authorization parameter that is used to authorize access to the admin panel. The data of this parameter is not fully random, so old data or data from another device can be used to access the admin panel.
The Asustor NAS appliance on ADM 3.1.0 and before suffers from multiple critical vulnerabilities. The vulnerabilities were submitted to Asustor in January and February 2018. The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file, triggered by embedding OS commands in the 'script' parameter. The application fails to sanitize user input after the cgi file executes a call to a local shell script. Exploitation of this vulnerability allows an attacker to execute arbitrary commands on the host operating system, as the root user, remotely and unauthenticated. The tree list functionality in the photo gallery application of the ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from multiple blind SQL injection vulnerabilities. The application fails to sanitize user input after the cgi file executes a call to a local shell script. Exploitation of this vulnerability allows an attacker to extract sensitive information from the database, such as usernames and passwords, remotely and unauthenticated.
This exploit allows an attacker to cause a denial of service on the JioFi 4G Hotspot M2S 150 Mbps Wireless Router by entering malicious code into the SSID name and Security Key fields. This causes the router to restart and the SSID name and Security Key to be blanked out.
This module exploits an unauthenticated directory traversal vulnerability which exists in the administration console of Oracle GlassFish Server 4.1, which listens by default on port 4848/TCP.
This module exploits a directory traversal vulnerability which exists in cgit < 1.2.1 cgit_clone_objects(), reachable when the configuration flag enable-http-clone is set to 1 (default).