A persistent XSS vulnerability has been detected in the web interface of Kodi that allows arbitrary HTML/script code to be executed in the context of the victim user's browser.
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the 'View Search By Id' screen). An attacker can put a malicious script in the search field to execute arbitrary code on the victim's browser.
The vulnerability exists in Rvsitebuilder CMS, which allows an attacker to download the database backup file without authentication. The attacker can access the file by sending a request to the URL http://Target/rvsDbBackup.sql.
SQL injection and cross-site scripting vulnerabilities are found on all parameters of MySAR. An example of a SQL injection attack is http://server/mysar/index.php?a=IPSummary&date=[SQLi], and an example of a cross-site scripting attack is http://server/mysar/index.php?a=IPSummary&date=2018-04-14"><script>alert(1)</script>
This exploit targets a buffer overflow vulnerability in a server listening on port 9121. It sends a malicious payload of 1000 bytes to the server, which causes a buffer overflow and allows the attacker to execute arbitrary code on the server.
This vulnerability allows an attacker to read and write out-of-bounds memory in Windows GDI Bitmap objects. The vulnerability is caused by the lack of proper bounds checking when accessing the bitmap object. An attacker can exploit this vulnerability by creating a malicious bitmap object and then accessing memory outside of the bounds of the object. This can lead to information disclosure, privilege escalation, and other malicious activities.
A vulnerability exists in Brave Browser versions prior to 0.13.0, which allows an attacker to remotely consume resources on the target system by executing the JavaScript code window.close(self).
A denial of service vulnerability exists in Brave Browser versions prior to 0.13.0 due to a long alert() argument. An attacker can exploit this vulnerability by creating a malicious HTML page with a long alert() argument, which when opened in Brave Browser will cause the browser to consume large amounts of resources and eventually crash.
A vulnerability in D-Link DIR-615 Wireless Router allows an attacker to inject malicious JavaScript code into the router's web interface. This code is then executed in the context of the router's web server, allowing the attacker to perform various malicious activities such as stealing session cookies, redirecting users to malicious websites, etc. The vulnerability exists due to insufficient input validation of the user-supplied data in the router's web interface. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the router's web interface.
A buffer overflow vulnerability exists in Ultra MiniHTTPd 1.2 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability can be exploited remotely via a specially crafted HTTP GET request.