Fady Mohamed Osman (@fady_osman) discovered a buffer overflow vulnerability in Apple iTunes 10.6.1.7. The vulnerability is caused by a boundary error when processing PLS title fields. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted PLS file to the affected application. Successful exploitation may allow execution of arbitrary code.
This is an RCE PoC for Legend Bot, which was used in the Shellshock spam of October 2014. It allows an attacker to take over the Legend Bot by sending a malicious payload to the bot via an IRC server. The payload is then executed on the bot, allowing the attacker to take control of it.
This is a SEH-based exploit, which is more effective than a vanilla buffer overflow. The exploit targets Windows 7 and 8. It uses the address 0x7C9D30D7, and the offset reaches ESP before SEH. The main vulnerability in this case is SEH.
Ultimate Product Catalogue is a responsive and easily customizable plugin for all your product catalogue needs. It has +59.000 downloads and +3.000 active installations. Unauthenticated SQL injection in the parameter "SingleProduct" when a web visitor views a product published by the web administrator.
Ultimate Product Catalogue is a responsive and easily customizable plugin for all your product catalogue needs. It has +59.000 downloads and +3.000 active installations. Unauthenticated SQL injection in an AJAX call that the plugin uses to count how many times a product has been viewed by web visitors. The vulnerable POST parameter is "Item_ID". In file Functions/Process_Ajax.php, line 67, the code is "$Item_ID = $_POST['Item_ID']; $Item = $wpdb->get_row("SELECT Item_Views FROM $items_table_name WHERE Item_ID=" . $Item_ID);" (the parameter is concatenated into the query without validation or escaping), and the proof of concept is "POST /wp-admin/admin-ajax.php HTTP/1.1 Host: <wordpress host> [...] Cookie: wordpress_f305[...] Item_ID=2 AND SLEEP(5)&action=record_view".
Quick Search 1.1.0.189 contains a buffer overflow vulnerability in the search textbox which can be exploited by an attacker to execute arbitrary code using a specially crafted exploit string. The exploit string contains an egghunter which searches memory for the marker and executes the shellcode once it is found. The exploit should work across different OS versions.
A remote code execution vulnerability exists in WebUI due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.
A vulnerability in the USB Creator utility of Ubuntu allows an attacker to gain root privileges on the system. The vulnerability exists because the USB Creator utility does not properly sanitize user-supplied input when running in KVM mode. An attacker can exploit this vulnerability by supplying malicious input to the USB Creator utility, which is then executed with root privileges. This can be done by creating a shared library file containing malicious code and supplying it as an argument to the USB Creator utility. The malicious code is then executed with root privileges, allowing the attacker to gain full control of the system.
MooPlayer 1.3.0 contains a SEH-based buffer overflow vulnerability that is triggered when a specially crafted m3u file is opened. When the application attempts to process a long string of data, the buffer overflows and overwrites the SEH handler. This can be exploited to execute arbitrary code by redirecting the execution flow to a malicious payload.
Open-Letters is vulnerable to a remote code injection vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable server. This can allow an attacker to execute arbitrary code on the vulnerable server.