Explore all Exploits:

Calavera UpLoader 3.5 – ‘FTP Logi’ Denial of Service (PoC + SEH Overwrite)

This exploit demonstrates a denial of service vulnerability in Calavera UpLoader 3.5. The vulnerability is triggered when specific content is pasted into the 'FTP Address', 'Username', and 'Password' parameters in the application's settings. The exploit creates a file named 'poc.txt' containing the payload that causes the application to crash. The payload also overwrites SEH values, so the application keeps crashing on every subsequent launch until the 'uploadpref.dat' file is deleted. If the exploit content is pasted only into the 'Password' parameter, the application crashes once without creating 'uploadpref.dat'.

INNEO Startup TOOLS 2018 M040 13.0.70.3804 – Remote Code Execution

This exploit allows an attacker to remotely execute code on a target system running INNEO Startup TOOLS 2018 M040 version 13.0.70.3804. The root cause is a traversal vulnerability that allows the attacker to read and modify files on the target system. By exploiting it, an attacker can execute arbitrary code with the privileges of the user running the affected software.

Socusoft Photo to Video Converter Professional 8.07 – ‘Output Folder’ Buffer Overflow (SEH Egghunter)

This exploit takes advantage of a buffer overflow vulnerability in Socusoft Photo to Video Converter Professional 8.07. By pasting a specially crafted payload into the 'Output Folder' field, an attacker can trigger the buffer overflow and potentially execute arbitrary code on the target system. The exploit has been tested on Windows 10 x64.

Gateway Weblaunch ActiveX Control Insecure Method Exploit

This exploit targets the Gateway Weblaunch ActiveX Control and utilizes an insecure method to launch arbitrary executable files. The exploit uses a buffer overflow vulnerability in the 2nd and 4th parameters of the DoWebLaunch method. By passing specially crafted parameters, an attacker can escape the intended directory and execute arbitrary commands on the target system. In this example, the exploit launches the Windows Calculator (calc.exe) as a proof of concept.

Frigate Professional 3.36.0.9 – ‘Pack File’ Buffer Overflow (SEH Egghunter)

Frigate Professional version 3.36.0.9 is vulnerable to a local buffer overflow when processing specially crafted 'Pack File' input; the exploit uses an SEH overwrite with an egghunter. An attacker can exploit this vulnerability to execute arbitrary code with the privileges of the user running the software.

Nidesoft DVD Ripper 5.2.18 – Local Buffer Overflow (SEH)

This exploit takes advantage of a buffer overflow vulnerability in Nidesoft DVD Ripper version 5.2.18. A Python script generates a file whose contents, when pasted into the 'License Code' parameter during the registration process, trigger a buffer overflow. This can lead to arbitrary code execution, potentially allowing an attacker to gain unauthorized access or control of the affected system.

FTPDummy 4.80 – Local Buffer Overflow (SEH)

The FTPDummy 4.80 software is vulnerable to a local buffer overflow. An attacker can create a specially crafted file, which when placed in the appropriate directory and opened by the application, can lead to arbitrary code execution. This can be exploited to gain unauthorized access or perform other malicious actions on the affected system.

UBICOD Medivision Digital Signage 1.5.1 – Authorization Bypass

The application suffers from a privilege escalation vulnerability. A normal user can elevate their privileges by navigating to the /html/user page (via IDOR) and sending an HTTP GET request that sets the parameter 'ft[grp]' to the integer value '3', gaining super admin rights.
