Published Vulnerabilities

Wed
07
Mar
Editorial_Staff_Team's picture

FlashFXP Software Client – Buffer Overflow Vulnerability

FlashFXP Software Client – Buffer Overflow Vulnerability

The vulnerability laboratory researcher Benjamin Kunz Mejri discovered a new issue on the famous FLashFXP Software Client by OpenSight Software. The vulnerability is located when processing to force a ListIndex Out of Bound(s) exception which allows to overwrite ecx & eip of the affected software process. Successful exploitation can result in process compromise, execution of arbitrary code, system compromise or escaltions with privileges of affected vulnerable software process.

The flaw is a direct result of a fixed length buffer being used in the TListBox control and the lack of range checking. The code assumes that the string returned by the listbox control will be less than 4097 characters.

Fri
06
Jan
Editorial_Staff_Team's picture

Cyberoam UTM – Manually SQL Injection Exploitation

Cyberoam UTM – Manually SQL Injection Exploitation

With the release of the bug for Cyberoam UTM Appliance we wanted to give a detailed write up on the vulnerability. Benjamin Kunz Mejri & Pim J.F.P. Campers penetrated manually some month ago the security appliance cyberoam. Both detected (auth) a critical sql injection vulnerability. Before going indepth on the vulnerability first an description on what this product actually is an does.

Pages

Subscribe to RSS - Published Vulnerabilities