An attacker can cause a denial of service by sending a large number of malicious packets to the router, causing it to crash and lose connection.
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) before 2.56 build 13381 - 12.07.2018, allow unauthorized remote attackers to reset the authentication via "/xml/system/setAttribute.xml" URL, using GET request to the end-point "?id=0&attr=protectAccess&newValue=0" (successful attack will allow attackers to login without authorization).
MSVOD V10 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to the database, user and version information.
There is an object lifetime issue in the Swiftshader OpenGL texture bindings (OpenGL/libGLESv2/Texture.cpp). The same bug is present in all versions of TextureXX::copyImage. The bug is triggered when egl::Image::create fails and the reference taken on renderTarget by source->getRenderTarget() is never dropped. The PoC is tested against 68.0.3440.7, and for versions prior to the fixes a different strategy (or at least texture sizes) will be needed to cause the allocations to fail. Note that the PoC is triggering the bug directly from javascript, which will taint the renderer process, so it's not possible to use this bug to escape the sandbox.
There is a remotely triggerable memory corruption issue in SwiftShader that is reachable from WebGL, resulting from an integer overflow issue. In the GPU process, there is validation on the sizes passed to texture creation functions to ensure that they shouldn't cause overflow. However, in the Swiftshader code there is a separate rounding up of render-target sizes to the next even size, which allows bypassing this validation.
Linux kernel prior to 4.14.8 utilizes the Berkeley Packet Filter (BPF) which contains a vulnerability where it may improperly perform sign extension. This can be utilized to escalate privileges. The target system must be compiled with BPF support and must not have kernel.unprivileged_bpf_disabled set to 1.
New Threads is a plugin that displays new threads on the index page. The thread titles allow XSS. Proof of Concept: Create a new thread with the following subject <script>alert('XSS')</script> Visit the index page to see alert.
WordPress Plugin All In One Favicon before 4.6 allows remote authenticated users to execute javascript code through XSS Persistent attacks. The following parameters are vulnerable: backendApple-Text, backendICO-Text, backendPNG-Text, backendGIF-Text, frontendApple-Text, frontendICO-Text, frontendPNG-Text, frontendGIF-Text.
Modx Revolution version 2.6.4 and below is vulnerable to Remote Code Execution. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable server via the 'ctx' parameter in the 'connectors/system/phpthumb.php' file. This payload will create a new file 'payload.php' in the root directory of the server. The attacker can then access the file to execute arbitrary code on the vulnerable server.
The 'download2.php' file in the admin panel of FTP2FTP 1.0 is vulnerable to an arbitrary file download attack. The attacker can download and read all files known by the name via 'id' parameter.
Services By CQR