74 matches found
Foscam IP Video Camera CGIProxy.fcgi SMTP Test Host Parameter Configuration Command Injection Vulnerability(CVE-2017-2841)
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting...
Design/Logic Flaw
Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software WEB version 1.17.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-2226
Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software WEB version 1.17.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-2226
CVE-2017-2226 concerns a DLL search-path vulnerability in the Setup file of the National Tax Agency’s e-Tax software (WEB version). The installer for versions up to 1.17.0/1.17.1 insecurely loads dynamic libraries from an unspecified directory, enabling arbitrary code execution when a user runs t...
e-Tax DLL Load Remote Code Execution Vulnerability
National Tax Agency Setup file of advance preparation for e-Tax software is a set of installation files for e-commerce tax software from the National Tax Agency NTA of Japan. A remote code execution vulnerability exists in the installer in the National Tax Agency Setup file of advance preparation...
JVN#79451345: Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries
Installer of Setup file of advance preparation for e-Tax software WEB version provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...
Telegram Web 0.5.5 Username Bypass
Exploit Title: Telegram Web Empty Username Bypass Date: 18/10/2016 Author: Ashiyane Digital Security Team Software Link: https://web.telegram.org version : Telegram Web 0.5.5 Tested on: Windows 7 Description: Telegram filters null bytes for username input but you can bypass this filter with "NOP"...
Stored Cross-Site Scripting Vulnerability in the Location of Posted Messages in the Web Version of Xinhao Office Software
Xinhoo builds an Internet-based enterprise management platform for enterprises. A stored cross-site scripting vulnerability exists in the web version of Xinhao Office Software at the location of the published message. Due to the use of ordinary user login xiaoqiao, daqiao, in the " send to "...
Keeper IP Camera 3.2.2.10 - Authentication Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Keeper IP Camera - Authentication Bypass Date: 25/08/2015 Exploit Author: RAT - ThiefKing Vendor Homepage: http://www.keeper.cn/en/Camera-ip.asp Version: 3.2.2.10 WEB Version: 6.1.17.192 Tested on: QB200W, QB130W, QA130W,...
SQL Injection Vulnerability in Web Version of Ticket Management System of Shanghai Shengdai Information Technology Co.
Ltd. Ticket Management System Web Edition is a special ticket management system for airline ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending,...
IBM Security Access Manager Information Disclosure Vulnerability (CNVD-2014-09194)
IBM Security Access Manager software is a highly scalable user authentication, authorization and Web SSO solution for implementing security policies on a variety of Web and application resources, centralized management of online portals. An information disclosure vulnerability exists in IBM...
IBM Security Access Manager SQL Injection Vulnerability
IBM Security Access Manager software is a highly scalable user authentication, authorization and Web SSO solution for implementing security policies on a variety of Web and application resources, centralized management of online portals. A SQL injection vulnerability exists in IBM Security Access...
LOIC 1.0.8 (Low Orbit Ion Cannon) - A network stress testing application
Low Orbit Ion Cannon LOIC is an open source network stress testing and denial-of-service attack application, written in C. LOIC was initially developed by Praetox Technologies, but was later released into the public domain, and now is hosted on several open source platforms. LOIC performs a...
Wechat exposed two vulnerabilities: not authorized to login others account-vulnerability warning-the black bar safety net
Recently the black bar safety net vulnerability announcements section of the public Tencent wechat are two of the vulnerabilities. According to the vulnerability of the author described by the two vulnerability a hacker may not be authorized to access and log in directly to their wechat account...