The exploit takes advantage of the vulnerable googleapps.url.mailto:// URI handler in Internet Explorer. By injecting the '--domain=' switch for the googleapps.exe executable, arbitrary switches can be passed to the Google Chrome chrome.exe executable, allowing the execution of arbitrary commands or batch files from the local system or a remote network share.
A user-supplied value for the Hostsize field results in an integer overflow and, subsequently, a complete stack smash when an overlong string is passed to the HostList field, allowing an attacker to execute arbitrary code. All modules in memory are compiled with /SAFESEH=on, but it is still possible to execute arbitrary code by passing a certain trusted handler from kernel32.dll. Other attacks are possible through the ProtoSize or ServerSize fields.
This exploit targets the Ada Image Server v0.6.6 and allows for a SEH overwrite. It was discovered and exploited by Blake and has been tested on XP SP1. The vulnerability allows an attacker to send a payload to the server, which results in a bind TCP shell connection being established.
This exploit opens a backdoor on port 4444 with "nobody" access. It targets the apage.cgi script in WebAPP CGI, which is vulnerable to command injection. The exploit downloads a malicious file from a remote server and executes it on the target system.
This module exploits a stack buffer overflow in XTACACSD <= 4.1.2. By sending a specially crafted XTACACS packet with an overly long username, an attacker may be able to execute arbitrary code.
The code snippet shows a static array declaration with a size of 1024 * 1024 * 20. This is a buffer overflow vulnerability as the size of the array exceeds the limit of the stack. It can lead to memory corruption and potentially allow an attacker to execute arbitrary code.
This application is vulnerable to a buffer overflow when converting malformed .wav files. This allows for arbitrary code execution on the user's machine.
This exploit takes advantage of a race condition vulnerability in the /usr/bin/bellmail command on AIX 5. It allows an attacker to change the owner of any file to the current user. The exploit script x_aix5_bellmail.pl is used to perform the exploit. The aim_file parameter specifies the file whose owner the attacker wants to change. The exploit relies on a race condition, so multiple runs may be needed. The x_bellmail.sh script can assist with using this exploit.
The Docebo application version 3.6.0.3 is affected by multiple SQL injection vulnerabilities. These allow an attacker to execute arbitrary SQL queries in the application's database, potentially leading to unauthorized access or modification of data.
When an argument is passed to the getlvcb utility, the string is copied into a reserved buffer in memory. Data that exceeds the size of the reserved buffer will overflow its bounds and will trample any saved data that is adjacent to the affected buffer. Ultimately this may lead to the execution of arbitrary instructions in the context of the root user.