A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows a local attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter.
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause a denial of service via an XGROUP command in which the key is not a stream.
Path Traversal in Gateway in Mirasys DVMS Workstation <= 5.12.6 allows an attacker to traverse the file system to access files or directories via the Web Client webserver.
A remote code execution vulnerability exists in 'Microsoft COM for Windows' when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability.
The Redatam web server running on Windows Server is affected by directory traversal via the LFN parameter. Sending an incorrect request causes a directory leak.
Audiograbber 1.83 is affected by a local buffer overflow. An attacker can exploit this vulnerability by crafting a malicious file and convincing the user to open it. This will allow the attacker to execute arbitrary code on the vulnerable system.
A Cross-Site Request Forgery (CSRF) vulnerability exists in RabbitMQ Web Management versions prior to 3.7.6. An attacker can craft a malicious HTML page that, when visited by an authenticated user, will submit a POST request to the /api/users/rootadmin endpoint with the username, password, and tags parameters set to rootadmin, rootadmin, and administrator, respectively. This will create a new administrator user in the RabbitMQ instance.
Joomla! Component jomres 9.11.2 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can craft a malicious HTML page and send it to the victim. When the victim visits the malicious page, the attacker can force the victim to perform unintended actions on the vulnerable website. This can be used to create a new user account with administrative privileges.
This exploit is a proof of concept for a Use After Free vulnerability in Pale Moon Browser versions prior to 27.9.3. The vulnerability is triggered when the SetVariable() function is called with a NodeList object as the first argument. This causes a Use After Free condition, which can be used to execute arbitrary code.