The vulnerability is caused due to an unspecified error in the cgis files filter used for configure properties. This can be exploited by sending a specially crafted HTTPS request (necessary authentication), which will cause the HTTPS service on the system to crash.
The Web Interface of the Bravo Tejari procurement portal does not use random tokens to block any kind of forged requests. An attacker can take advantage of this scenario and create a forged request to edit user account details like name, address of the company/individual, email address etc. He then uses social engineering techniques to target specific individuals whose account details he would like to change. He simply sends the link and tricks the user into clicking the forged http request. The request is executed and user account details are changed without his knowledge.
Network Time System (Server) "NTSServerSvc" service listens on Port 7001, unauthenticated remote attackers can crash the Server by sending exactly 11 bytes to the target system. Systems which may depend on critical time synchronization could then potentially be impacted.
Multiple vulnerabilities were identified in the Pictview image processing library embedded by the Toolkit and signed by ActivePDF. They could allow remote attackers to compromise applications relying on the Toolkit to process untrusted images.
This exploit allows an attacker to perform XSS and SQL injection attacks on the Ktauber.com StylesDemo Mod for phpbb 2.0.xx. The exploit uses LWP::UserAgent and HTTP::Request::Common modules to send HTTP requests and retrieve responses. The vulnerable site is specified in the configuration as http://www.forumup.com/stylesdemo/
This module sends a magic packet to a NETGEAR device to enable telnetd. Upon successful connect, a root shell should be presented to the user.
This exploit is a local buffer overflow in Dup Scout Enterprise version 10.5.12. By generating a specific file and copying its contents to the clipboard, an attacker can execute arbitrary code and potentially gain control of the affected system. The exploit has been tested on Windows 7 x86.
The exploit allows for the execution of arbitrary code by exploiting a buffer overflow vulnerability in Xion 1.0.125 when processing a .m3u file. The exploit leverages a SEH-based Unicode technique to corrupt memory and execute malicious code. The vulnerability is caused by a lack of proper input validation, allowing an attacker to overwrite the SEH frame and gain control of the program's execution flow. This can lead to remote code execution or a denial of service.
Performing XAS attacks automatically is possible using QuickTime .qtl files. This variant of the MOAB #3 and MP3 backdooring exploit allows code execution from remote when the default browser is Firefox. It can also be used to perform other XAS attacks.
This exploit allows an attacker to include remote files on a vulnerable web application using the modifyform.html?code= parameter. By manipulating the code parameter, an attacker can execute arbitrary code or disclose sensitive information from remote servers.
Services By CQR