This vulnerability allows an attacker to include local files on the target system by manipulating the 'file' parameter in the '/chat/admin/inc/help.php' file. By exploiting this vulnerability, an attacker can read sensitive files on the target system.
The SoftX FTP Client 3.3 is vulnerable to a Denial of Service (DoS) attack. By providing a specially crafted payload to the application, an attacker can cause the program to crash, resulting in a denial of service condition. The vulnerability exists due to a lack of proper input validation.
On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
This exploit creates a file with a large payload, causing a denial of service in Termite 3.4. By running a python script, a new file called "boom.txt" is created with a payload of 2000 bytes. When this content is copied and pasted into the "User interface language" field in Termite 3.4, it triggers a denial of service.
The Joomla! Component Micro Deal Factory version 2.4.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting SQL code into the 'id' parameter of various URLs, potentially gaining unauthorized access to the database.
The vulnerability can be triggered by using one computer to create a filesystem on a USB key (or other removable media), then editing its filesystem label to include a bunch of %n's, removing and inserting the media into another computer running udisks2 <=2.8.0. This binary runs as root, and if exploited in that capacity could potentially allow full compromise. This will cause a denial of service, crashing udisks2 and not letting it restart (or until /var/lib/udisks2/mounted-fs is removed and the system is restarted). This keeps the system from automounting things like USB drives and CDs. The vulnerability -may- be exploitable beyond a DoS by crafting a format string exploit and putting it in the label of the drive. I tried to exploit it for a couple of days but cannot find a filesystem with a lengthy enough label to be able to fit the exploit and spawn a root shell, as the smallest shellcode I could make was around 50 characters, and the longest filesystem labels I could find are limited to 32 characters.
The vulnerability allows an attacker to include arbitrary files from a remote server, which can lead to remote code execution or information disclosure.
Any user can read files from the TV, without authentication due to an existing LFI in the following path: http://SuperSign_IP:9080/signEzUI/playlist/edit/upload/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd
This bug allows for local or remote file inclusion in the Wechat Broadcast plugin for WordPress. The vulnerability can be exploited by using the version 1.0 of the HTTP protocol to interact with the application. The specific file affected is /wechat-broadcast/wechat/Image.php, where the 'url' parameter is not properly sanitized.
A number of registry system calls do not correctly handle pre-defined keys resulting in a double dereference which can lead to EoP.
Services By CQR
