
Explore Vulnerabilities


Explore all Exploits:

Plugin to WordPress Woo Import Export 1.0 RCE – Unlink

A vulnerability in the WordPress plugin Woo Import Export 1.0 allows an attacker to execute arbitrary code on the server. The cause is that the $_POST['file_name'] parameter is not escaped, so an attacker can craft a malicious request to the server and execute arbitrary code.

gif2apng 1.9 ‘.gif’ Stack-Buffer Overflow

gif2apng is vulnerable to a stack-based buffer overflow when a malformed GIF is supplied. The following is the stack trace:

$ ./gif2apng fuzz.gif
gif2apng 1.9 using 7ZIP with 15 iterations
Reading 'fuzz.gif'...
Address 0x7fffb183bcf1 is located in stack of thread T0 at offset 16977 in frame
    #0 0x4eb23f (/home/shyam/FUZZ/gif2apng+0x4eb23f).
  This frame has 6 object(s):
    [32, 36) 'size'
    [48, 8242) 'prefix'
    [8512, 12609) 'suffix'
    [12880, 16977) 'str' <== Memory access at offset 16977 overflows this variable
    [17248, 18272) 'data'
    [18400, 18401) 'mincodesize'

R 3.4.4 – Local Buffer Overflow

R 3.4.4 is vulnerable to a local buffer overflow. An attacker can exploit this vulnerability by generating a malicious file, copying its contents to the clipboard, opening the application, selecting Edit, selecting 'GUI preferences', pasting the malicious file contents into 'Language for menus and messages', and selecting OK. This will pop calc.

Ericsson-LG iPECS NMS – Cleartext Cred. Dump

Ericsson-LG iPECS NMS version A.1Ac, and possibly earlier versions, discloses sensitive information such as cleartext database and NMS login credentials, uses incorrect access control mechanisms, is vulnerable to MiTM attacks, and is prone to SQL injection on multiple parameters. This script dumps some of the sensitive information.

VLC Media Player/Kodi/PopcornTime ‘Red Chimera’ < 2.2.5 Memory Corruption (PoC)

Infamous VLC/Kodi/PopcornTime subtitle attack in libsubtitle_plugin.dll. This is the Proof of Concept of the reverse engineered heap corruption vulnerability affecting JacoSUB parsing in VLC/Kodi/PopcornTime. The crash is exploitable, but hard to exploit because of various environmental constraints such as threading/mitigations/scriptless.

Interspire Email Marketer – Remote Admin Authentication Bypass

Interspire Email Marketer versions 6.1.3-6.1.6 are vulnerable to an authentication bypass. An attacker can exploit this vulnerability by sending a specially crafted request to the application with a forged cookie, which grants access to the application without authentication.

Open-AudIT 2.1 – CSV Macro Injection Vulnerability

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature of Open-AudIT before 2.2 via a value that is mishandled in a CSV export. Log in, navigate to any field that has an export feature, and create an entry containing @SUM(1+1)*cmd|' /C calc'!A0. When a user logs in and exports the user data, the CSV formula is executed and the calculator pops on their machine.

Drupal avatar_uploader v7.x-1.0-beta8 – Arbitrary File Disclosure

view.php contains code to retrieve files but no code to verify that the user should be able to view them, nor anything that stops the path from being changed to a location outside the uploadDir directory. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server, such as http://example.com/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd
