The vulnerability occurs when stack-allocated variables are copied to the heap. This can lead to type confusion, as the two variables share the same buffer. An attacker can exploit this vulnerability by converting the type of one of the variables, which will then be reflected in the other variable.
AsmJSByteCodeGenerator::EmitCall, which is used to emit call instructions, doesn't check whether an array identifier is used as the callee. The method handles those invalid calls in the same way it handles valid calls such as 'arr[idx & ...]()'. In these cases, the index register remains NoRegister, which is (uint32_t)-1. This results in an out-of-bounds (OOB) read.
The PoC is triggerable when the 'DeferParse' flag is enabled and requires a with statement. It can be triggered by using '\n'.repeat(0x1000) or by using the command ./ch poc.js -ForceDeferParse.
Chakra fails to distinguish whether the function is referenced in the param scope and ends up emitting an invalid opcode.
The vulnerable method exposes 'scriptFunction' as 'this' when getting the 'length' property. A proof-of-concept is provided which uses the __defineGetter__() method to set the 'length' property of the function to a variable, which is then used to call the 'scriptFunction' with arbitrary parameters, leading to type confusion.
Chakra, the JavaScript engine used in Microsoft Edge, is vulnerable to an integer overflow in the JIT optimization process. The vulnerability arises when an integer overflow occurs repeatedly in the JITed code, or when it is known at compile time that a value does not fit in an int. In such cases, Chakra considers the value to be a float, which can lead to an integer overflow. This can be exploited to cause a denial of service or potentially execute arbitrary code.
The Master IP CAM 01 suffers from multiple vulnerabilities. It is possible to access telnet with the hardcoded credential root:cat1029. Configuration download: http://192.168.1.15/web/cgi-bin/hi3510/backup.cgi. Configuration upload form: <form name="form6" method="post" enctype="multipart/form-data" action="cgi-bin/hi3510/restore.cgi" > <input type="file" name="setting_file" > <input type="submit" value="restore" > </form>. Configuration change: http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=sethttpport&-httport=8080. The list of available commands is here: http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf. Retrieval of sensitive information: http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=getuser.
The vulnerability is in the key parameter of phpprint.php. The $key variable is not output-encoded, which allows for easy XSS exploitation. The proof of concept is http://vulnerable/index.php?action=Login&module=Users&print=a&"/><script>alert('xss')</script>
The Belkin N600DB Wireless Router is vulnerable to multiple security issues, including wireless fingerprinting, web fingerprinting (with locked web interface), disclosure of wifi password, closed 'HTTPD server' port, web backdoor, and server-side request forgery (HTTP/FTP).
The vulnerability exists in the web interface of various D-Link routers, which are susceptible to unauthorized DNS changes. The problem arises when an invalid or wrong user name and password are entered. Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices who try to access certain sites are instead redirected to possibly malicious sites. Modifying systems' DNS settings allows cybercriminals to perform malicious activities like steering unknowing users to bad sites, replacing ads on legitimate sites, controlling and redirecting network traffic, and pushing additional malware.