Clone 2 GO Video converter 2.8.2 is vulnerable to a remote code execution vulnerability due to a buffer overflow. An attacker can exploit this vulnerability by sending a specially crafted malicious file to the vulnerable application. This will allow the attacker to execute arbitrary code on the target system.
Creates a page that shows threads that the user has posted in when they have unread replies. Proof of Concept: Create or reply to a thread with the following subject: `<script>alert('XSS')</script>`. When someone replies to the thread, you will see the alert at /misc.php?action=myrecentthreads
ext4_find_inline_data_nolock() attempts to locate an inode's inline data by searching for the system.data xattr using ext4_xattr_ibody_find(). If the inode has xattrs, ext4_xattr_ibody_find() first checks them for corruption using xattr_check_inode(), then grabs the wanted xattr using xattr_find_entry(). xattr_check_inode() uses ext4_xattr_check_entries() to check the individual xattrs, but skips most checks if `entry->e_value_inum != 0` (marking an xattr whose value is in a dedicated inode); the length and offset checks that ensure the value actually fits into the inode are performed only for inline values. The problem is that ext4_find_inline_data_nolock() then assumes that the returned xattr uses inline storage and that the returned length will fit into the inode; it stores the length field from the xattr in `EXT4_I(inode)->i_inline_size` without further checks. Later, when the file is read, ext4_read_inline_data() trusts this length value, causing an out-of-bounds memcpy() in the following line: `memcpy(buffer, (void *)IFIRST(header) + le16_to_cpu(entry->e_value_offs), len);`
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL and execute code in the context of the user's browser.
Cyber Ark port 1858 runs proprietary software and a proprietary protocol to perform login and administrative services. Below is a sample login request that is needed to receive the memory. Linux command-line manual test: `cat logon.bin | nc -vv IP 1858 | xxd`. Paste the following bytes into a hex-edited file named logon.bin:
Zip-n-Go v4.9 is vulnerable to a local buffer overflow vulnerability when a specially crafted malicious file is opened. This can be exploited to execute arbitrary code by overwriting the SEH handler with a malicious payload.
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.