An attacker can exploit this SQL injection vulnerability by visiting the link below, creating an account, and then supplying a malicious SQL statement in the 'course_id' parameter of the 'author' page.
This exploit changes a router's password without authentication: it sends a POST request to the router's mod__login.asp page with the new password in the data parameter. It works because the mod__login.asp page does not require authentication before accepting the change.
Exodus is vulnerable to command injection when the --gpu-launcher parameter is used: an attacker can inject arbitrary commands into that parameter, and the underlying operating system executes them. This vulnerability affects Exodus versions prior to 1.0.0.
An issue was discovered in DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify the configuration, for example to change the administrator username and/or password or the Wi-Fi password.
A buffer overflow in the INetViewX ActiveX control, bundled by Lorex Technologies with its EDGE series of video surveillance systems, allows remote code execution. It is triggered by a long string (10000+ characters) in the HTTP_PORT parameter. On Windows XP the instruction pointer is controlled by characters 109 to 113 of the string.
While fuzzing LibreOffice, an integer overflow and a heap overflow were found in the ICU library, which is used by LibreOffice and hundreds of other software packages. Proof-of-concept files can be downloaded from [1]; they have been tested with LibreOffice 4.3.3.2, LibreOffice 4.4.0-beta2 and ICU 52. Under certain conditions isolateCount is incremented too many times, which results in several out-of-bounds writes. The overflow is in the resolveImplicitLevels function (ubidi.c:2248): pBiDi->isolates[pBiDi->isolateCount].state=levState.state; pBiDi->isolates[].state is an int16, while levState.state is an int32, so the store also narrows the value. This results in an integer overflow.
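As an added illustration, not ICU's or LibreOffice's code, the C sketch below uses a hypothetical stand-in for the isolate bookkeeping (the struct and field names are assumptions) to show the two defects side by side: the trusted index that lets isolateCount run past the array, and the int32-to-int16 narrowing store, next to a push that refuses both.

```c
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical stand-in for the isolate bookkeeping the advisory describes
 * (assumed names; not ICU's actual UBiDi structures). */
#define ISOLATES_CAP 8

typedef struct {
    int16_t state;            /* the narrow destination field */
    int32_t startON;
} Isolate;

typedef struct {
    Isolate isolates[ISOLATES_CAP];
    int32_t isolateCount;     /* index of the next free slot */
} BiDi;

typedef struct {
    int32_t state;            /* the wide source field */
} LevState;

/* What the store "isolates[n].state = levState.state" does to the value:
 * the int32 is narrowed to int16, keeping only the low 16 bits
 * (implementation-defined in C, modulo 2^16 on every mainstream compiler). */
int16_t narrow_state(int32_t wide) {
    return (int16_t)wide;
}

/* Vulnerable shape: the index is trusted and the store is unchecked.
 * Once isolateCount reaches ISOLATES_CAP this writes past the array, which is
 * the out-of-bounds write the advisory reports. Shown for comparison only;
 * nothing here calls it with an out-of-range index. */
void push_isolate_unchecked(BiDi *b, LevState lev) {
    b->isolates[b->isolateCount].state = (int16_t)lev.state;
    b->isolateCount++;
}

/* Hardened shape: refuse the write when the slot is out of range or when the
 * wide value would not survive the narrowing store. */
bool push_isolate_checked(BiDi *b, LevState lev) {
    if (b->isolateCount < 0 || b->isolateCount >= ISOLATES_CAP) return false;
    if (lev.state < INT16_MIN || lev.state > INT16_MAX) return false;
    b->isolates[b->isolateCount].state = (int16_t)lev.state;
    b->isolateCount++;
    return true;
}

/* Push `attempts` records through the checked path and return how many were
 * accepted: never more than ISOLATES_CAP, however many are attempted. */
int fill_past_capacity(int attempts) {
    BiDi b = {0};
    int accepted = 0;
    for (int i = 0; i < attempts; i++) {
        LevState lev = { .state = i };
        if (push_isolate_checked(&b, lev)) accepted++;
    }
    return accepted;
}

/* Try a single checked push of `state` into a fresh structure. */
bool try_push_state(int32_t state) {
    BiDi b = {0};
    LevState lev = { .state = state };
    return push_isolate_checked(&b, lev);
}
```

The range check on the index is what stops the out-of-bounds writes; the range check on the value is the separate fix for the silent narrowing, which a compiler warning (-Wconversion) would also flag.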
The AsusWRT HTTP server has two flaws in handle_request(). First, an unauthenticated user can issue POST requests for certain actions, and the router executes the corresponding handler->input() function without checking authentication. Second, handle_request() is vulnerable to command injection: an unauthenticated POST request can cause the router to pass attacker-controlled input to doSystem(), which runs it as a shell command.
The Blizzard Update Agent utility runs a JSON-RPC server listening on localhost port 1120, and accepts commands to install, uninstall, change settings, update and perform other maintenance operations. Blizzard uses a custom authentication scheme to verify that the RPCs come from a legitimate source, but this design does not hold up against an attack called DNS rebinding. Any website can create a DNS name it is authorized to communicate with (its own origin), serve a page from it, and then make that name resolve to localhost; the browser still treats the requests as same-origin, so the page can send privileged commands to the agent.
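The following is an added C example, not Blizzard's agent code, of why a "does this Host name belong to us?" check fails under DNS rebinding. The resolver table is constructed for the example, with attacker.example already rebound to 127.0.0.1 as the text describes; port 1120 is the agent's port from the text above. The weak check consults name resolution, which the attacker controls; the strict check accepts only a literal loopback host, which is the usual mitigation for a localhost service.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed resolver table standing in for DNS (assumption for the example):
 * the attacker's name has been rebound to loopback after the page was served. */
typedef struct { const char *name; const char *addr; } DnsEntry;
static const DnsEntry RESOLVER[] = {
    { "localhost",        "127.0.0.1" },
    { "attacker.example", "127.0.0.1" },    /* rebound to loopback */
    { "cdn.example",      "198.51.100.7" },
};

static const char *resolve(const char *name) {
    for (size_t i = 0; i < sizeof RESOLVER / sizeof RESOLVER[0]; i++)
        if (strcmp(RESOLVER[i].name, name) == 0) return RESOLVER[i].addr;
    return NULL;
}

/* Copy the host part of a Host header value into out, dropping ":port".
 * Bracketed IPv6 literals such as "[::1]:1120" keep their brackets. */
static void split_host(const char *h, char *out, size_t outlen) {
    size_t n;
    if (h[0] == '[') {
        const char *end = strchr(h, ']');
        n = end ? (size_t)(end - h) + 1 : strlen(h);
    } else {
        n = strcspn(h, ":");
    }
    if (n >= outlen) n = outlen - 1;
    memcpy(out, h, n);
    out[n] = '\0';
}

/* Weak check: "does the Host header resolve to us?". This is exactly what DNS
 * rebinding defeats, because the attacker decides what their name resolves to. */
bool weak_host_check(const char *host_header) {
    char host[256];
    split_host(host_header, host, sizeof host);
    const char *addr = resolve(host);
    return addr != NULL && strcmp(addr, "127.0.0.1") == 0;
}

/* Strict check: accept only a literal loopback host, never a name that merely
 * resolves to loopback. The browser sends the name the page used, so a rebound
 * attacker.example still arrives as "attacker.example" and is rejected. */
bool strict_host_check(const char *host_header) {
    char host[256];
    split_host(host_header, host, sizeof host);
    return strcmp(host, "localhost") == 0
        || strcmp(host, "127.0.0.1") == 0
        || strcmp(host, "[::1]") == 0;
}
```

Host header validation is a defence for the server; a local service should also require a secret the web page cannot obtain (a per-session token) rather than relying on origin alone.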
The vulnerabilities were found in the core graphics framework (VBVA subcomponent) and affect all host operating systems. They provide an arbitrary read/write primitive in the userland VirtualBox host process, relative to the guest's VRAM buffer. The VGA device emulated by VirtualBox is backed by a fixed amount of VRAM, which is mapped contiguously both in the host process running the VM and in guest kernel memory. Parts of it serve as a general-purpose shared memory segment for communication between host and guest (the host-guest shared memory interface, HGSMI). Through this mechanism the guest can issue certain commands to the host, for example to implement mouse pointer integration and seamless windows. The guest can also ask the host to copy data around inside the VRAM on its behalf, via a subsystem called VDMA.
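As an added example with a hypothetical request structure (not VirtualBox's VDMA code), this C snippet shows the validation a host-side "copy inside VRAM" handler needs when src, dst and len all arrive from the guest: range checks written as subtractions, so that guest-chosen values cannot wrap the arithmetic, and memmove because the two ranges may overlap. The 64-byte VRAM in the probe helper is constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical VDMA-style "copy inside VRAM" request as a guest might submit it
 * (assumed layout, not VirtualBox's). Offsets are relative to the VRAM base. */
typedef struct {
    uint32_t src;
    uint32_t dst;
    uint32_t len;
} VramCopyReq;

/* Validate and perform the copy. All three fields are guest-controlled, so the
 * checks never compute src + len or dst + len, which a large len can wrap;
 * "len > size - off" is equivalent and cannot overflow once off <= size. */
bool vram_copy(uint8_t *vram, size_t vram_size, const VramCopyReq *req) {
    if (req->src > vram_size || req->dst > vram_size) return false;
    if (req->len > vram_size - req->src) return false;   /* source range leaves VRAM */
    if (req->len > vram_size - req->dst) return false;   /* destination range leaves VRAM */
    memmove(vram + req->dst, vram + req->src, req->len); /* ranges may overlap */
    return true;
}

/* Exercise the handler on a constructed 64-byte VRAM filled with 0..63 and
 * return the byte at `probe` afterwards, or -1 if the request was rejected. */
int vram_copy_probe(VramCopyReq req, uint32_t probe) {
    uint8_t vram[64];
    for (int i = 0; i < 64; i++) vram[i] = (uint8_t)i;
    if (!vram_copy(vram, sizeof vram, &req)) return -1;
    return probe < sizeof vram ? vram[probe] : -1;
}
```

Without the subtraction form, a request such as src = 0xFFFFFFF0, len = 0x20 passes a naive "src + len <= size" test after 32-bit wraparound and turns the copy into exactly the out-of-bounds read/write primitive the advisory describes.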
This module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 by using the import command option to import a specially crafted XML file.