Ubiquiti Networks Community online service web application allows for malicious script code to be inserted in the filename.
002d12b4f423b45de91babce8e586c124de4cd418c0f8a59c5ba722de1cf4597
Input passed to the 'file_name' parameter in 'get2post.php' script is not properly sanitised before being used to get the contents of a resource and delete files. This can be exploited to read and delete arbitrary data from local resources with the permissions of the web server using a proxy tool.
b34289732116b4bcb2f1cc6baf7009b19a2cf9b4141f05c2872a8413c0e3056e
up.time suffers from a privilege escalation issue. A normal user can elevate his/her privileges by sending a POST request setting the parameter 'userroleid' to 1. Cross site request forgery can be used to exploit this attack.
7d8991bd1c8571696c4d5bc0528881855899add84755aee81553925cb1fb5cd5
up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF, privilege escalation, arbitrary text file creation, and renaming that file to php you can execute system commands with SYSTEM privileges.
949580b449c0517f641c161c6b8c3484aee9aca17ee184db120e309739d67e3f
up.time version 7.5.0 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross site scripting vulnerabilities were also discovered. The issue is triggered when input passed via the multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
90f994cc5cd98108a1348a7bdc9bb5646926787ce5ab51d82604ccd07d720675
SiteFactory CMS version 5.5.9 suffers from a directory traversal vulnerability.
e4ab1c3da31d5df71707d83aff72277e904feb00d2b2303509770774c51338d3
Microsoft HTA (HTML Application) suffers from a remote code execution vulnerability.
bbdb1ff7a0240544683ac43328710d675b6ca6730cc5f656f38cbceae8da9dd3
Vifi Radio version 1 suffers from a cross site request forgery vulnerability. Exploit to add administrator included.
11d68726482c4931dd8bc7f9412e5b40a7a7002254633c42a4116b2ca2be56fb
Vifi Radio version 1 suffers from a cross site request forgery vulnerability. Exploit to upload a shell included.
6e4d34f2dea11cbb4c459268cca16e9324f4452dfcc3d0ee46d37ee3d7f0c2d1
PDF Shaper version 3.5 suffers from a buffer overflow vulnerability.
1a862bd6f348439cf319bf9e523b76685ab407b894d14f0f8869b6561ddf0418
WebSolutions India Design CMS suffers from a remote SQL injection vulnerability.
c061545b9e430bd03eedcdc7c87c3bb0051c3de84e39af7ff0c47318939c2ae9
Multiple ChiefPDF software such as PDF to Image Converter and PDF to Tiff Converter suffer from a buffer overflow vulnerability.
ffed99b419802af6605e6b28fb1865cc96f61850767f2496d2612b3364bc82e0
Ubiquiti Networks suffers from a cross site scripting vulnerability.
a50cae4abbdd6321e36ece3542888a733c6cff6b46e247e0ef2451a3ed1e3697
Flash suffers from a use-after-free vulnerability in SurfaceFilterList::CreateFromScriptAtom.
f25272c8a1f372c28e643e729835debc9a97b7068e8da8e97a5a220acf1e5a89
Flash version 18.0.0.209 contains new mitigations to defend against corruptions of Vector.<uint> (and other) lengths. One of these mitigations, at Vector access time, compares the Vector's in-memory length with a representation of the same length XOR'ed with a secret cookie. The bypass comes about because the secret cookie value is stored inside a structure, and a pointer to that structure is stored alongside the Vector length.
fcdf12cd364c0ea733d2eac6b27e7d2f9f878fe5206bb8c75cbfc449ce599745
There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.
45e43f90ddcb052986798b06cfd1f46ebd1983e9b8561f2e5e9f429141da9e39
If an mp3 file contains compressed ID3 data that is larger than 0x2aaaaaaa bytes, an integer overflow will occur in allocating the buffer to contain its converted string data, leading to a large copy into a small buffer. A sample fla, swf and mp3 are attached. Put id34.swf and tag.mp3 in the same folder to reproduce the issue. This issue only works on 64 bit platforms.
35155caf981a1919c824478ec4353bf7b0386be80fed9f35592dd6d487b2c05c
The Shared Object constructor does not check that the object it is provided is of type Object before setting it to be of type SharedObject. This can cause problems if another method (such as Sound.loadSound) calls into script between checking the input object type, and casting its native object.
19f7464f744154d2d6dd211423377f3e324df119f1b2817fad6a0f7b4e6ae5f4
A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.
6730e4bcb74ff3ada116f87db7b421bf1d013003c83ef00b178f449904c4d335
The maintenance service creates a log file in a user writable location. It's possible to change the log file to a hardlink to another file to cause file corruption or elevation of privilege.
9a1d92cce93d1ad86dd9eac6ec55a2b6aedcc3249f5d93fb13aea55da6b68ba6
Flash suffers from a heap-based buffer overflow due to an indexing error when loading FLV files.
4673942893163cde81ade110d85287f3016da128ff399dfaf5a45be550ea11c7
Flash suffers from a heap-based buffer overflow vulnerability.
6dc90c34eaf395d7b5fc097c96fc3bbf1b826f568a8b16ab718447c06a8884a7
A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86. The crash is caused by a 1 bit delta from the original file at offset 0x31B.
03f7aa286c6f7a41a1b151784a5669dfb726e0a84605f216c88584600f74d02f
A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.
a0cd6e10f73a59037ae74f44a92933339dbaf1a11fe054b8edf070270dd6a4c0
There is a type confusion issue in the TextFormat constructor that is reachable because the FileReference constructor does not verify that the incoming object is of type Object (it only checks that the object is not native backed). The TextFormat constructor first sets a new object to type TextFormat, and then calls into script several times before setting the native backing object. If one of these script calls then calls into the FileReference constructor, the object can be set to type FileReference, and then the native object will be set to the TextFormat, leading to type confusion.
913b0be9845adb6b994362bb787074269b6c1eeb7980d5b0f158933108a65e1a