An attacker can access sensitive credentials including username, password, and host information by navigating to the storage/logs/laravel.log file in Laravel-based websites and searching for 'PDO->__construct('mysql:host='. This can lead to unauthorized access to the system.
There is a remotely exploitable buffer overflow vulnerability in rpc.cmsd which ships with Sun's Solaris and HP-UX versions 10.20, 10.30 and 11.0 operating systems. The consequence is a remote root compromise.
This exploit causes a stack underflow crash in Microsoft Internet Explorer 11. The vulnerability affects the 32bit version of IE 11, specifically versions 11.0.9600.17843 and 11.0.10240.16431. It has been tested on Windows 7 64bit and Windows 10 (10240) 64bit. The exploit is triggered by executing the 'crash()' function.
A specially crafted web-page can cause Microsoft Internet Explorer to assume a CSS value stored as a string can only be 'true' or 'false'. An attacker that is able to set it to a smaller string can cause the code to read data out-of-bounds and is able to determine if a WCHAR value stored behind that string is '�' or not.
A sensitive information disclosure vulnerability exists in the web interface component of Avaya IP Office. A local user can gain unauthorized access to the component by exploiting the Base64 encoded credentials passed in the URL query string.
This exploit allows an attacker to escalate their privileges in the xglance-bin 11.00 software. It leverages a vulnerability with CVE-2014-2630. The exploit code sets the user ID to the effective user ID, and then executes a shell command.
The exploit allows an attacker to include local files on the server by manipulating the file path in the HTTP request. This can lead to unauthorized access to sensitive information or remote code execution.
Business Objects Crystal Reports XI Professional is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. An attacker may exploit this issue by enticing a victim user into opening a malicious document file, resulting in the execution of arbitrary code with privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.
This exploit is only a Denial of Service in opera web browser. It creates a poc using heap spray that allow code execution, but the author does not post it because it can be used for evil. The exploit creates a HTML file with a select tag containing a large number of option tags with the same content. This causes an integer overflow in the program, leading to a Denial of Service.
A remote buffer overflow exists in Microsoft Windows Media Player 9.0/10.0/11.0. By sending a specially crafted ASX file, an attacker can cause a stack-based buffer overflow, resulting in arbitrary code execution.
Services By CQR