A stack overflow vulnerability exists in PRTG Network Monitor 18.1.39.1648. An attacker can send a malicious POST request to the vulnerable server with a specially crafted payload to trigger a stack overflow, resulting in remote code execution.
Free Download Manager 2.0 Built 417 is vulnerable to a local buffer overflow vulnerability when a malicious URL file is imported. This can be exploited to execute arbitrary code by sending a specially crafted URL file to the application. The vulnerability is due to a lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
This exploit targets the Apache CouchDB JSON Remote Privilege Escalation Vulnerability (CVE-2017-12635). It takes the host, port, username and password as arguments and creates a user with admin privileges on the remote host. It sends a payload to create the user, and if the status code is 201, the exploit is successful.
Cobub Razor 0.8.0 is vulnerable to physical path leakage. An attacker can send a GET request to the URL http://localhost/export.php and a POST request to the URL http://localhost/index.php?/manage/channel/addchannel with the data channel_name=test&platform=1. This will allow the attacker to access the physical path of the application and view the source code of the application.
A buffer overflow vulnerability exists in VX Search 10.6.18 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted input to the application, which can result in arbitrary code execution. This vulnerability affects Windows 7 32-bit.
The state-changing actions in JS Jobs before 1.2.1 do not have any random token validation, which results in a Cross Site Request Forgery vulnerability.
RSVG throws a segmentation fault when malformed SVG is submitted as input. The GDB stack trace shows that the issue is caused by the _fill_xrgb32_lerp_opaque_spans function in the cairo-image-compositor.c file.
pdfunite is part of the poppler package in Ubuntu. pdfunite is prone to a local buffer overflow when a malformed PDF is used to unite with another PDF. Following is the gdb stack trace: Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault.
When submitting a CF form, the plugin will show a greeting message to notify the user that everything went OK. This message is editable by the site's admin and can contain part of the user-supplied data (e.g. their first name). In this case, simply inject HTML code into the parameter which gets returned in the greeting message and submit the POST request. A JSON response will follow, containing, among other data: the greeting message (“html”, which contains the malicious payload that gets executed right away), the form's ID (“form_id”), and the data's ID (“cf_id”). At this point, to reach the stored XSS, simply build a GET request using the obtained data. The malicious payload will be executed as soon as the page is loaded.
A vulnerability in Lutron Quantum 2.0 - 3.2.243 firmware allows an attacker to bypass authentication and leak device and network information. The vulnerability exists due to insufficient authentication checks when handling requests to the deviceIP page. An attacker can exploit this vulnerability by sending a specially crafted request to the deviceIP page. Successful exploitation of this vulnerability could allow an attacker to bypass authentication and leak device and network information.