This exploit abuses a vulnerability in the AppX Deployment Service (AppXSvc) in Microsoft Windows. By exploiting this vulnerability, an attacker can overwrite or create files as SYSTEM, leading to privilege escalation. The exploit can be carried out in two ways: arbitrary file creation and file overwrite.
The exploit allows an attacker to cause a denial of service (DoS) on the InTouch Machine Edition 8.1 SP1 software. By sending a specially crafted input, the attacker can trigger a buffer overflow, causing the software to crash and become unresponsive.
Remote Sql Injection vulnerability in Ip Reg v0.3 allows an attacker to execute arbitrary SQL commands via the 'vlan_id', 'assetclassgroup_id', or 'subnet_id' parameter.
This exploit creates a malicious .m3u file that contains 25,000 'A' characters. Opening this file in SMPlayer causes a buffer overflow, resulting in a Denial of Service attack.
There is a use-after-free issue in JScript (triggerable via Internet Explorer) where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is possible to assign a variable to the 'arguments' object, have it garbage-collected (as long as it is not referenced anywhere else) and still access it later. Note that, like in some previously reported JScript issues, this is a use-after-free on a JScript variable (VAR structure), so in order to trigger a crash, the entire block of variables must be freed.
The LiteManager 4.5.0 software has insecure file permissions that allow an attacker to escalate privileges on the system. By replacing the legitimate ROMFUSClient.exe file with a malicious one, an attacker can execute arbitrary code with elevated privileges. This exploit code adds a new user, adds the user to the Administrators group, and grants full access to the C drive. When a more privileged user connects and uses the ROMFUSClient IDE, the privilege escalation is successful.
The ProShow Producer 9.0.3797 software has an unquoted service path vulnerability in the 'ScsiAccess' service. This vulnerability allows an attacker with local access to the system to escalate privileges and execute arbitrary code.
Product is vulnerable to host header injection because the host header can be changed to something outside the target domain (ie.evil.com) and cause it to redirect to that domain instead.
The --url parameter included in the GNU Mailutils maidag utility can be abused to write to arbitrary files on the host operating system, leading to local privilege escalation. By default, maidag is set to execute with setuid root permissions.
Services By CQR