There is a missing bounds check in inner loop of the escape handler for 0x7000014 that leads to a stack buffer overflow.
>> ARCHIVE: 2016-10
The escape handler for 0x10000e9 lacks bounds checks, and passes a user specified size as the size to memcpy, resulting in a stack buffer overflow.
PHP Support Tickets version 1.3 suffers from a local file inclusion vulnerability.
PHP Support Tickets version 1.3 suffers from a remote SQL injection vulnerability.
This Metasploit module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute…
InfraPower PPS-02-S Q213V1 suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exists due to several POST parameters in several scripts not being sanitized when using the exec(), proc_open(),…
InfraPower PPS-02-S Q213V1 suffers from multiple stored and reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to…
InfraPower PPS-02-S Q213V1 suffers from a file disclosure vulnerability when input passed thru the ‘file’ parameter to ‘ListFile.php’ script is not properly verified before being used to read files. This…
InfraPower PPS-02-S Q213V1 suffers from a use of hard-coded credentials. The IP dongle firmware ships with hard-coded accounts that can be used to gain full system access (root) using the…
InfraPower PPS-02-S Q213V1 suffers from an insecure direct object reference authorization bypass vulnerability.