
Explore Vulnerabilities


Explore all Exploits:

Multiple vulnerabilities in WordPress plugin “WordPress Landing Pages”

The first vulnerability is an authenticated SQL injection in the WordPress Landing Pages plugin. It is caused by a lack of proper sanitization of user-supplied input in the 'post' parameter of the 'modules/module.ab-testing.php' script. An attacker can exploit it by sending a maliciously crafted HTTP request to the vulnerable script. The second vulnerability is an authenticated cross-site scripting issue in the same plugin. It is caused by a lack of proper sanitization of user-supplied input in the 'sc' parameter of the 'shared/shortcodes/inbound-shortcodes.php' script, and is likewise exploited by sending a maliciously crafted HTTP request to the vulnerable script.

Windows XP/2K3/VISTA/2K8/7 WM_SYSTIMER Kernel EoP

This exploit targets a privilege escalation vulnerability in Windows XP/2K3/VISTA/2K8/7 that allows an attacker to gain elevated privileges. It is based on a race condition in the Windows kernel's handling of WM_SYSTIMER messages. The exploit allocates a large amount of memory, then uses the race condition to overwrite a kernel structure with a pointer to the allocated memory.

FTP Media Server 3.0 – Authentication Bypass and Denial of Service

The FTP server does not properly handle errors raised by invalid FTP commands. The following command, which sends an invalid PORT command to the FTP server, will crash the server once it is received. The FTP server does not handle unauthenticated connections or incorrect login credentials properly. A remote user can issue commands to the FTP server without authenticating or after entering incorrect credentials.

Forma LMS 1.3 Multiple SQL Injections

Forma LMS 1.3 is prone to multiple SQL injection vulnerabilities, which allow unprivileged users to inject arbitrary SQL statements. An attacker could exploit these vulnerabilities by sending crafted requests to the web application. These issues can lead to data theft, data disruption, account violation and other attacks, depending on the DBMS user's privileges.

WordPress WP Membership plugin [Multiple Vulnerabilities]

Any registered user can perform a privilege escalation through the `iv_membership_update_user_settings` AJAX action. Although this exploit can also be used to modify other plugin-related data (e.g. payment status and expiry date), privilege escalation can lead to a serious incident because the malicious user can take the administrative role on the affected website. Input fields submitted by registered users aren't properly escaped. This could lead to an XSS attack that could affect all visitors of the website, including administrators. Registered users can also publish posts without any authorization.

ZOC SSH Client v.7.03.0 Buffer overflow vulnerability (SEH)

A buffer overflow vulnerability exists in ZOC SSH Client v.7.03.0. An attacker can create a new connection, run a Python script to generate a string of 'AAAA...' and copy it to the clipboard. The attacker can then paste the string into the server address and attempt to connect, which can lead to a buffer overflow.

Comodo GeekBuddy Local Privilege Escalation (CVE-2014-7872)

Comodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall and Comodo Internet Security, runs a passwordless background VNC server that listens for incoming connections. This can allow for at least local privilege escalation on several platforms. It may also be remotely exploitable via CSRF-like attacks utilizing a modified web-based VNC client (e.g. a Java VNC client).

Internet Explorer 11 – Crash PoC

The crash was discovered, tested and reduced on Win7 32-bit Ultimate and reproduces every time. To reproduce it, enable Page Heap using `gflags.exe /p /enable iexplore.exe /full` and execute runMe.html in WinDbg. It has been tested on Win7 32-bit, Win8.1 32-bit, Win8.1 64-bit (not working on Win8, IE 10).

Recent Exploits: