Explore Vulnerabilities

Explore all Exploits:

Wansview 1.0.2 – Denial of Service (PoC)

A buffer overflow vulnerability exists in Wansview 1.0.2 which can be exploited to cause a DoS (Denial of Service). The vulnerability is caused by a boundary error when handling specially crafted input. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted input passed to the affected application. Successful exploitation of this vulnerability may allow execution of arbitrary code.

Vulnerability in Android vold

When a USB mass storage device is inserted into an Android phone (even if the phone is locked!), vold will attempt to automatically mount partitions from the inserted device. For this purpose, vold has to identify the partitions on the connected device and collect some information about them, which is done in readMetadata() in system/vold/Utils.cpp. This function calls out to "blkid", then attempts to parse the results. Normally, the UUID string can't contain any special characters because blkid generates it by reformatting a binary ID as a printable UUID string. However, the version of blkid that Android is using will print the LABEL first, without escaping the characters this code scans for, allowing an attacker to place special characters in the fsUuid variable.

PostgreSQL 9.4-0.5.3 – Privilege Escalation

This exploit allows an attacker to gain root privileges on a system running PostgreSQL 9.4-0.5.3 or earlier. The exploit involves creating a symbolic link from the PostgreSQL data directory to the cron.hourly directory, which allows the attacker to write a malicious script to the cron.hourly directory. The script creates a new user with root privileges, which can then be used to gain access to the system.

IP Finder 1.5 – Denial of Service (PoC)

IP Finder 1.5 is vulnerable to a Denial of Service attack. Running the Python exploit script creates a new file named 'exploit.txt'. The content of this file is then copied and pasted into the password field of the Search&Config Tool program, resulting in a crash.

MyBB Like Plugin 3.0.0 – Cross-Site Scripting

This plugin allows users to thank/like other users' threads/posts. User profiles show your most liked post/thread, and the user-supplied post/thread subjects are not sanitized. To exploit this vulnerability, use the following as the post/thread subject: <script>alert('XSS')</script> and get that post/thread liked by another user (or you). Visit your profile to see the alert.

MyBB Thank You/Like Plugin 3.0.0 – Cross-Site Scripting

This plugin allows users to thank/like other users' threads/posts. User profiles show your most liked post/thread, and the user-supplied post/thread subjects are not sanitized. Proof of Concept: Use the following as the post/thread subject: <script>alert('XSS')</script>. Get that post/thread liked by another user (or you). Visit your profile to see the alert.

XSS Zimbra Mail server

A vulnerability in Zimbra Mail server allows an attacker to inject malicious JavaScript code into the application. This can be done by sending a specially crafted URL to the application. The URL contains a malicious payload which is executed when the user visits the page. The payload can be used to execute arbitrary JavaScript code, which can be used to steal user data or perform other malicious activities.

iSmartViewPro 1.5 – ‘Password’ Buffer Overflow

A buffer overflow vulnerability exists in iSmartViewPro 1.5 when a long string is sent as input to the 'Password' field. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. To exploit this vulnerability, an attacker must first run a Python script to generate a malicious string, copy the content to the clipboard, open iSmartViewPro, click the '+' button, select 'add device manually', enter 'admin' as the device alias, enter '0.0.0.0' as the DNS/IP/DID, enter 'admin' as the account, paste the malicious string in the 'Password' field and save. This will trigger the buffer overflow.

Recent Exploits: