By sending a crafted network packet, it's possible construct a stack overflow in Call of Duty: Modern Warfare (amongst other versions).
A vulnerability in Airties AIR5444TT could allow an unauthenticated attacker to inject malicious JavaScript code into the application. This vulnerability exists due to insufficient validation of user-supplied input in the 'page' and 'productboardtype' parameters of the 'top.html' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious JavaScript code to the vulnerable application. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the vulnerable application.
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse "puiframeworkproresenu.dll" file in the current working directory, due to a search order flaw vulnerability. An attacker can create a 32bit DLL named "puiframeworkproresenu.dll" and put any .PDF or .PPTX file or whatever that is configured to open in Polaris Office in same directory as the above DLL. When the document is opened, the arbitrary DLL will execute on victims system.
By exploiting the group manipulation vulnerability on affected and unpatched devices an attacker is able to gain access to the command line interface (CLI) of the device. This allows the attacker to gain full control over the device and to manipulate the configuration.
An integrated part of SEC Consult Europe | Asia | North America, a local root jailbreak vulnerability was discovered in all ADB Broadband Gateways / Routers (based on Epicentro platform). By exploiting the local root vulnerability on affected and unpatched devices an attacker is able to gain full access to the device with highest privileges. Attackers are able to modifiy the firmware, install backdoors, intercept sensitive data, etc.
An integrated part of SEC Consult Europe | Asia | North America https://www.sec-consult.com By exploiting the authorization bypass vulnerability on affected and unpatched devices an attacker is able to gain access to settings that are otherwise forbidden for the user, e.g. through strict settings set by the ISP.
A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the 'cddocument' parameter in the 'Downloading Electronic Documents' section.
VLC media player through 2.2.8 is prone to a Use-After-Free (UAF) vulnerability. This issue allows an attacker to execute arbitrary code in the context of the logged-in user via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
ShopNx 1 is an Angular 5 single page application which suffers from arbitrary file upload vulnerability. Attacker can upload malicious files on server because the application fails to sufficiently sanitize user-supplied input.
Online trading and cryptocurrency investment system 1 allows information disclosure by appending /dashboard/deposit. The following path contains database credentials and other information (username , password , database_name etc).
Services By CQR