Windows Defender inspects a variety of different archive formats, among others RAR. Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code; given that it still processes the VMSF_UPCASE filter (which was removed in unrar 5.0), it seems that the code is derived from unrar version 4.2.4 or older. An attacker who can set PosR to -2 and DataSize to 1 can cause a read past the end of the buffer and a write to a negative offset.
JS Jobs 1.2.0 is missing validation on the URL inserted by an attacker/employer while creating a company entry. An attacker can create a company entry by logging in as an Employer and pasting a payload in place of the URL field, such as javascript:alert(1) or data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K
It is a plugin which adds a page to download files. If enabled, regular members can add new downloads to the page after admin approval. To exploit this vulnerability, an attacker can add the following to the title: <BODY ONLOAD=alert('XSS')>. When the admin goes to validate the download, the script executes in the admin's browser and the alert is shown.
A vulnerability exists in the JavascriptArray::BoxStackInstance method, which checks if the array has already been copied, and if so, it just returns the cached copied array stored in "boxedInstanceRef". An attacker can bypass the fix by invoking the method with "deepCopy" set to false, and from the next call, whatever the value of "deepCopy" is, the method will return the cached shallow-copied array.
The vulnerability is a type confusion issue in JavascriptArray::BoxStackInstance. The fix for issue 1420 only deep-copies the array when 'instance->head' is on the stack. By allocating 'head' to the heap, the fix can be bypassed.
The Genesis::InitializeGlobal method initializes the constructor of RegExp, but does not set the expected_nof_properties. This can be exploited to create a Map object with incorrect number of in-object properties, which can lead to memory corruption.
The vulnerability exists in the V8 JavaScript engine in the elements.cc file. The vulnerability is caused by the lack of proper type checking when accessing the elements of an array. This can be exploited by an attacker to cause type confusion in the GetEntryForIndexImpl function, which can lead to arbitrary code execution.
This vulnerability allows cybercriminals to modify systems' DNS settings, allowing them to perform malicious activities such as steering unknowing users to bad sites, replacing ads on legitimate sites, controlling and redirecting network traffic, and pushing additional malware. Users of vulnerable systems or devices who try to access certain sites are instead redirected to possibly malicious sites.
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.
Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation.