TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.
The Jmol/JSmol plugin for the Moodle Learning Management System displays chemical structures in Moodle using Java and JavaScript. The plugin implements a PHP server-side proxy in order to load third party resources bypassing client-side security restrictions. This PHP proxy script calls the function file_get_contents() on unvalidated user input. This makes Moodle instances with this plugin installed vulnerable to directory traversal and server-side request forgery in the default PHP setup, and if PHP's 'expect' wrapper is enabled, also to remote code execution. Other parameters in the plugin are also vulnerable to reflected cross-site scripting. Note that authentication is not required to exploit these vulnerabilities. The JSmol Moodle plugin was forked from the JSmol project, where the directory traversal and server-side request forgery vulnerability was partially fixed in 2015.
A vulnerability has been found in the ActiveX control DLL (axvlc.dll) used by VLC player. This library contains three methods whose parameters are not correctly checked, and may produce a bad initialized pointer. By providing these functions specially crafted parameters, an attacker can overwrite memory zones and execute arbitrary code.
0day buffer overflow in the dtprintinfo(1) CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on Solaris/SPARC.
A user can gain admin level in the forum and can access to the forum. It is because of a SQL Injection in 'Active.asp'. After login to your VICTIM forum, execute the provided HTML exploit.
eSpace Meeting suffers from a heap-based memory overflow vulnerability when parsing large amount of bytes to the 'strNum' string parameter in GetNameyNum() in 'ContactsCtrl.dll' and 'strName' string parameter in SetUserInfo() in eSpaceStatusCtrl.dll library, resulting in heap memory corruption. An attacker can gain access to the system of the affected node and execute arbitrary code.
eSpace Meeting is prone to a stack-based buffer overflow vulnerability (seh overwrite) because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer when handling QES files. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
The phpBB Garage v1.2.0 - Beta3 is vulnerable to a remote SQL injection attack. An attacker can exploit this vulnerability by injecting malicious SQL queries through the 'make_id' parameter in the 'browse' mode of the 'garage.php' script. By manipulating the SQL query, the attacker can retrieve sensitive information such as user passwords and usernames from the 'phpbb_users' table.
VMware Workstation contains a DLL hijacking issue because some DLL.
This exploit allows an attacker to include local files on the server by manipulating the 'CFG[site][project_path]' parameter in the 'class_HeaderHandler.lib.php' file. The exploit can be accessed through the URL 'http://[Taget]/[script_path]/common/classes/class_HeaderHandler.lib.php?CFG[site][project_path]=localfile%00 / remote http://'.
Services By CQR