Explore Vulnerabilities

Explore all Exploits:

Local File Inclusion vulnerability in Site Editor WordPress Plugin

A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.

XenForo CSS Loader DoS

XenForo CSS Loader DoS is a Denial of Service (DoS) vulnerability in XenForo 2. It is caused by the lack of input validation in the css.php file, which allows an attacker to send a large number of requests to the target server, resulting in a denial of service. The attacker can use a tool such as the 'requests' library to send the requests.

TL-WR720N 150Mbps Wireless N Router – CSRF

This exploit is a proof-of-concept for port forwarding and changing the WiFi password on the TL-WR720N 150Mbps Wireless N Router. The router is vulnerable to CSRF, meaning that any action on the router can be triggered by an attacker. The exploit code loops through a list of router hosts and ports, and calls the portforward and change_wifi_pass functions to perform the malicious actions.

WM Recorder 16.8.1 – Denial of Service

WM Recorder 16.8.1 is vulnerable to a denial of service attack. An attacker can generate a crash.txt file containing a buffer of 429 A characters, 4 B characters, 4 C characters, and 9562 D characters. The attacker can then open the application, go to Schedule Recordings, Open Scheduler, paste the contents of the crash.txt file in Stream URL, File name and Website URL, change End Recording date to future date, turn scheduler on, and select OK. This will cause the application to crash and overwrite the EIP register.

Crashmail Stack-Based Buffer Overflow

Crashmail is prone to a stack-based buffer overflow because the application fails to perform adequate boundary checks on user-supplied input. An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts may result in a denial-of-service condition.

Bluetooth Network Encapsulation Protocol (BNEP) Heap Leak

This vulnerability is a heap leak in the Bluetooth Network Encapsulation Protocol (BNEP) which allows an attacker to leak bytes from the heap of com.android.bluetooth. The vulnerability is caused by a lack of proper validation of the length field in the BNEP packet. An attacker can send a BNEP packet with a length field greater than BNEP_FILTER_MULTI_ADDR_RESPONSE_MSG (0x06) and the response sent by bnep_send_command_not_understood() will contain 3 bytes: 0x01 (BNEP_FRAME_CONTROL) + 0x00 (BNEP_CONTROL_COMMAND_NOT_UNDERSTOOD) + leaked byte.

Recent Exploits: