This module exploits a stack buffer overflow in XTACACSD <= 4.1.2. By sending a specially crafted XTACACS packet with an overly long username, an attacker may be able to execute arbitrary code.
The code snippet declares an array of 1024 * 1024 * 20 bytes (20 MiB). If that array is an automatic (local) variable rather than a true `static`, it is larger than the default stack on most systems (8 MiB on Linux), so the frame itself runs past the end of the stack and the process faults as soon as the function is entered or the buffer is touched. That is stack exhaustion, a crash and therefore a denial of service, not a buffer overflow: a buffer overflow needs a write past the bounds of the array, and the declaration alone performs no such write. Memory corruption and arbitrary code execution only come into play if data is subsequently copied into the array without a length check, which this description does not establish. A genuinely `static` array is placed in .bss by the linker, never on the stack, and is not affected by the stack limit at all.
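The distinction above, as an added example in hypothetical C (this is not the snippet the page describes): the three places a 20 MiB buffer can live, a runtime check against the soft stack limit, and the heap and static alternatives that avoid the exhaustion. Function and buffer names are assumed for illustration.

```c
/* Added example (hypothetical code, not the snippet the page describes):
 * where a 20 MiB array can live and a runtime check against the stack
 * limit. Function and buffer names are assumed for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

#define BIG (1024 * 1024 * 20)   /* the 20 MiB size the page discusses */

/* A true `static` array is placed in .bss by the linker. It is never on
 * the stack, so its size is irrelevant to the stack limit. It is,
 * however, shared by every caller, so it is not reentrant. */
static unsigned char static_buf[BIG];

/* Soft RLIMIT_STACK in bytes, or 0 when the limit is unlimited. */
size_t stack_limit_bytes(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_STACK, &rl) != 0 || rl.rlim_cur == RLIM_INFINITY)
        return 0;
    return (size_t)rl.rlim_cur;
}

/* Would an automatic array of `bytes` fit, leaving 1 MiB for the rest of
 * the call chain? With an unlimited stack the question has no answer,
 * so the function reports a fit. */
int fits_on_stack(size_t bytes)
{
    size_t lim = stack_limit_bytes();
    if (lim == 0)
        return 1;
    return bytes + (1024 * 1024) < lim;
}

/* The crash form: a 20 MiB automatic array. On the Linux default 8 MiB
 * stack the frame extends far past the guard page, so the function
 * faults on entry (with stack probing) or at the first write into buf.
 * Stack exhaustion, not a bounds failure: the memcpy is bounded.
 * This function is deliberately never called here. */
int process_with_stack_buffer(const unsigned char *in, size_t n)
{
    unsigned char buf[BIG];
    if (n > sizeof buf)
        return -1;
    memcpy(buf, in, n);
    return buf[0];
}

/* Same logic with the scratch space moved to the heap. */
int process_with_heap_buffer(const unsigned char *in, size_t n)
{
    if (n > BIG)
        return -1;
    unsigned char *buf = malloc(BIG);
    if (buf == NULL)
        return -1;
    memcpy(buf, in, n);
    int first = buf[0];
    free(buf);
    return first;
}

/* Or in the static buffer, when reentrancy is not a concern. */
int process_with_static_buffer(const unsigned char *in, size_t n)
{
    if (n > sizeof static_buf)
        return -1;
    memcpy(static_buf, in, n);
    return static_buf[0];
}

int main(void)
{
    const unsigned char sample[] = "ABCD";   /* constructed input */
    printf("stack limit: %zu bytes\n", stack_limit_bytes());
    printf("20 MiB automatic array fits: %s\n", fits_on_stack(BIG) ? "yes" : "no");
    printf("heap path: %d, static path: %d\n",
           process_with_heap_buffer(sample, 4),
           process_with_static_buffer(sample, 4));
    return 0;
}
```

Under `ulimit -s 8192` the check reports that 20 MiB does not fit, and calling process_with_stack_buffer would crash the process without any attacker-controlled data being involved; the heap and static paths succeed with the same logic.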
This application is vulnerable to a buffer overflow when converting malformed .wav files. This allows for arbitrary code execution on the user's machine.
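The failure mode behind a malformed-.wav overflow, as an added example in hypothetical C (not the converter's own code): a RIFF/WAVE "fmt " chunk reader that copies as many bytes as the file's 32-bit chunk length claims, beside one that bounds the copy by both the destination buffer and the bytes actually present. Names are assumed and the header bytes are constructed here for the demonstration.

```c
/* Added example (hypothetical code, not the converter the page refers to):
 * a RIFF/WAVE "fmt " chunk reader that trusts the chunk length from the
 * file, beside one that bounds it. Names are assumed; the header bytes
 * are constructed here for the demonstration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct wav_fmt {
    uint16_t audio_format;
    uint16_t channels;
    uint32_t sample_rate;
    uint32_t byte_rate;
    uint16_t block_align;
    uint16_t bits_per_sample;
};

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

static void unpack(const uint8_t *raw, struct wav_fmt *out)
{
    out->audio_format    = rd16(raw);
    out->channels        = rd16(raw + 2);
    out->sample_rate     = rd32(raw + 4);
    out->byte_rate       = rd32(raw + 8);
    out->block_align     = rd16(raw + 12);
    out->bits_per_sample = rd16(raw + 14);
}

/* Vulnerable shape: the 32-bit chunk length from the file decides how
 * many bytes land in a 16-byte stack buffer. A "fmt " size of, say,
 * 0x7fffffff copies far past raw. Shown for comparison; never called
 * with malformed input here, since that is the overflow itself. */
int parse_fmt_unchecked(const uint8_t *data, size_t len, struct wav_fmt *out)
{
    uint8_t raw[16];
    if (len < 20 || memcmp(data, "RIFF", 4) != 0 || memcmp(data + 8, "WAVE", 4) != 0
        || memcmp(data + 12, "fmt ", 4) != 0)
        return -1;
    uint32_t fmt_len = rd32(data + 16);
    memcpy(raw, data + 20, fmt_len);          /* unbounded copy */
    unpack(raw, out);
    return 0;
}

/* Hardened: the length is checked against the bytes actually in the
 * input and against the fields the parser interprets; only those 16
 * bytes are copied, whatever the chunk claims (18 and 40 are legal). */
int parse_fmt_checked(const uint8_t *data, size_t len, struct wav_fmt *out)
{
    uint8_t raw[16];
    if (len < 20 || memcmp(data, "RIFF", 4) != 0 || memcmp(data + 8, "WAVE", 4) != 0
        || memcmp(data + 12, "fmt ", 4) != 0)
        return -1;
    uint32_t fmt_len = rd32(data + 16);
    if (fmt_len < sizeof raw || fmt_len > len - 20)
        return -1;                            /* too short, or claims more than is present */
    memcpy(raw, data + 20, sizeof raw);
    unpack(raw, out);
    return 0;
}

/* Builds a 44-byte canonical PCM header with the given "fmt " length
 * field. Constructed test input, not a real file. */
size_t build_header(uint8_t *buf, uint32_t fmt_len)
{
    memcpy(buf, "RIFF", 4);      wr32(buf + 4, 36);
    memcpy(buf + 8, "WAVE", 4);
    memcpy(buf + 12, "fmt ", 4); wr32(buf + 16, fmt_len);
    wr16(buf + 20, 1);           /* PCM */
    wr16(buf + 22, 2);           /* stereo */
    wr32(buf + 24, 44100);
    wr32(buf + 28, 176400);
    wr16(buf + 32, 4);
    wr16(buf + 34, 16);
    memcpy(buf + 36, "data", 4); wr32(buf + 40, 0);
    return 44;
}

/* Runs the checked parser on a header whose "fmt " size field is
 * fmt_len, optionally truncated to truncate_to bytes. Returns the
 * channel count on success, -1 on rejection. */
int checked_result(uint32_t fmt_len, size_t truncate_to)
{
    uint8_t buf[44];
    struct wav_fmt f;
    size_t n = build_header(buf, fmt_len);
    if (truncate_to && truncate_to < n)
        n = truncate_to;
    return parse_fmt_checked(buf, n, &f) == 0 ? f.channels : -1;
}

int main(void)
{
    printf("valid header, fmt=16:     %d\n", checked_result(16, 0));
    printf("oversized fmt=0x7fffffff: %d\n", checked_result(0x7fffffffu, 0));
    printf("truncated to 30 bytes:    %d\n", checked_result(16, 30));
    return 0;
}
```

The same length-field-trusted shape appears in any chunked container, so the two bounds (destination size and remaining input) are the check to look for when reviewing a converter.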
This exploit takes advantage of a race condition in the /usr/bin/bellmail command on AIX 5. It allows an attacker to change the owner of any file to the current user. The exploit script x_aix5_bellmail.pl performs the exploit; its aim_file parameter names the file whose ownership the attacker wants to take. Because the exploit depends on winning a race, several runs may be needed; the x_bellmail.sh script helps with repeated attempts.
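The pattern such a race abuses and the fix for it, as an added example in hypothetical C (this is not bellmail's code and the page gives no detail of its internals): an ownership change that inspects a path and then acts on the same path, beside a version that opens the file once without following symlinks, verifies the object it actually holds, and changes ownership on the descriptor. Function names are assumed; the demo creates and removes files under /tmp.

```c
/* Added example (hypothetical code, not bellmail's): the check-then-act
 * ownership change a symlink race exploits, beside a version that does
 * every step on one open descriptor. Function names are assumed; the
 * files it touches are created under /tmp for the demonstration. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable shape: inspect the path, then operate on the path. Between
 * lstat() and chown() the kernel resolves the name twice; if the
 * attacker replaces the file with a symlink to a target he does not own
 * in that window, the chown() lands on the target. Not exercised here. */
int give_mailbox_racy(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    return chown(path, uid, gid);     /* second lookup: the race window */
}

/* Hardened: one lookup that refuses to follow a symlink, verification of
 * the object we actually hold (a regular file with a single link, so a
 * hard link planted to someone else's file is rejected too), and
 * fchown() on the descriptor. There is no second path resolution. */
int give_mailbox_safe(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NOCTTY);
    if (fd < 0)
        return -1;                     /* ELOOP when the name is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    int rc = fchown(fd, uid, gid);
    close(fd);
    return rc;
}

/* Demo: a fresh regular file is accepted (chown to our own uid/gid is
 * a permitted no-op for the owner). Returns the function's result,
 * -2 if the temporary file could not be created. */
int demo_regular_file(void)
{
    char path[] = "/tmp/mbox.XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -2;
    close(fd);
    int rc = give_mailbox_safe(path, getuid(), getgid());
    unlink(path);
    return rc;
}

/* Demo: the same file reached through a symlink, as the attacker would
 * arrange it, is refused before anything is changed. */
int demo_symlink(void)
{
    char path[] = "/tmp/mbox.XXXXXX";
    char link[64];
    int fd = mkstemp(path);
    if (fd < 0)
        return -2;
    close(fd);
    snprintf(link, sizeof link, "%s.lnk", path);
    if (symlink(path, link) != 0) {
        unlink(path);
        return -2;
    }
    int rc = give_mailbox_safe(link, getuid(), getgid());
    unlink(link);
    unlink(path);
    return rc;
}

int main(void)
{
    printf("regular file: %d\n", demo_regular_file());
    printf("symlink:      %d\n", demo_symlink());
    return 0;
}
```

The design choice is that every decision is made about the descriptor, not the name: once open() has returned, nothing the attacker does to the directory can redirect fstat() or fchown(). A privileged program that must still honour a symlink (a mail spool that is intentionally redirected, say) should additionally check st_uid against the user it is delivering to before calling fchown().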
Docebo 3.6.0.3 is affected by multiple SQL injection vulnerabilities. They allow an attacker to execute arbitrary SQL queries against the application's database, potentially leading to unauthorized access to or modification of its data.
When an argument is passed to the getlvcb utility, the string is copied into a reserved buffer in memory. Data that exceeds the size of the reserved buffer will overflow its bounds and will trample any saved data that is adjacent to the affected buffer. Ultimately this may lead to the execution of arbitrary instructions in the context of the root user.
Cross-site request forgery (CSRF) vulnerability in the e107_admin/download.php page, whose POST form is also vulnerable to SQL injection. The page does not use the e-token or ac tokens, which is what makes its requests forgeable. On its own the CSRF is not a major security vulnerability, but combined with the SQL injection it can result in complete information disclosure. The parameters vulnerable to SQL injection on this page are: download_url, download_url_extended, download_author_email, download_author_website, download_image, download_thumb, download_visible and download_class. The following is an exploit containing JavaScript that submits the POST request on behalf of the administrator as soon as the page is visited. Its SQL injection causes the administrator's username and password hash (MD5) to be written into the Author Name field of a publicly available download, where anyone can read them.
The Mathopd web server is prone to a remote buffer overflow vulnerability. This vulnerability occurs due to a failure to check the bounds of a buffer storing user-supplied input. An attacker can exploit this vulnerability to execute arbitrary instructions on the affected system, with the privileges of the web server process.
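The fixed-buffer copy that the getlvcb, Mathopd and XTACACSD advisories above all describe, as an added example in hypothetical C (not code from any of those projects): an unbounded strcpy() of a caller-supplied string into a reserved buffer, the common strncpy() half-fix, and a version that measures with a bound and rejects input that does not fit. The buffer size and function names are assumed.

```c
/* Added example (hypothetical code, not from getlvcb, Mathopd or
 * XTACACSD): the fixed-buffer copy of a caller-supplied string that all
 * three advisories describe, beside a bounded version. The buffer size
 * and function names are assumed. */
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32    /* assumed size of the reserved buffer */

/* Vulnerable shape. strcpy() stops at the NUL the caller provides, so
 * an argument (or packet field, or request line) longer than FIELD_MAX
 * runs off the end of field into whatever the compiler placed above it
 * in the frame: other locals, the saved frame pointer, the return
 * address. Only called with short input below; long input is undefined
 * behaviour, which is the whole point. */
int store_field_unchecked(const char *src)
{
    char field[FIELD_MAX];
    strcpy(field, src);
    return (int)strlen(field);
}

/* A common half-fix. strncpy() bounds the write but does not terminate
 * when src fills the buffer, so without the explicit NUL the later
 * strlen() would read past it. Even with it, the value is silently
 * truncated rather than rejected. */
int store_field_strncpy(const char *src)
{
    char field[FIELD_MAX];
    strncpy(field, src, sizeof field);
    field[sizeof field - 1] = '\0';      /* the termination strncpy omits */
    return (int)strlen(field);
}

/* Hardened: measure with a bound first, reject what does not fit, then
 * copy exactly the bytes measured plus the terminator. Returns the
 * stored length or -1. Rejection beats truncation for a username or a
 * path, where a truncated value may name something else entirely. */
int store_field_checked(const char *src)
{
    char field[FIELD_MAX];
    size_t n = strnlen(src, sizeof field);
    if (n == sizeof field)               /* no NUL within FIELD_MAX bytes */
        return -1;
    memcpy(field, src, n + 1);
    return (int)n;
}

/* Helper for the demo: a string of n 'A's, the classic overflow probe. */
const char *a_string(size_t n)
{
    static char buf[512];
    if (n >= sizeof buf)
        n = sizeof buf - 1;
    memset(buf, 'A', n);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    printf("checked, 31 bytes:  %d\n", store_field_checked(a_string(31)));
    printf("checked, 32 bytes:  %d\n", store_field_checked(a_string(32)));
    printf("checked, 300 bytes: %d\n", store_field_checked(a_string(300)));
    printf("strncpy, 300 bytes: %d (truncated, accepted)\n", store_field_strncpy(a_string(300)));
    return 0;
}
```

Whether the overflowed data sits in argv, a network packet or an HTTP request line changes only how the attacker delivers it; the defect and the check are the same.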
A format string vulnerability has been reported in the Unreal Tournament server engine. The vulnerability occurs due to a failure of the server application to properly sanitize user-supplied network data. This vulnerability could allow an attacker to execute arbitrary code on the system where the affected server software is implemented, potentially leading to a complete compromise of the system.
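The format-string bug class, as an added example in hypothetical C (not the Unreal engine's code, whose internals the advisory does not show): a logging wrapper that takes a format, the call that hands it network data as the format, the fixed call, and an input-side check. Names are assumed. The demonstration probes with "%%" only, because %x, %s and %n read or write stack contents whose values are undefined in a test.

```c
/* Added example (hypothetical code, not the Unreal engine's): the
 * format-string bug class behind this advisory. A logging wrapper that
 * takes a format is a common place for it to hide. Names are assumed. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* A typical internal logging helper: formats into a caller's buffer. */
static int render(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable: the network data is passed as the format. Every '%' in it
 * becomes a directive: %x reads a stack word (an information leak, and
 * how addresses are recovered under ASLR), %s dereferences one (crash
 * or leak), %n writes a count through one (the arbitrary write that
 * leads to code execution). */
int log_player_unsafe(char *out, size_t outsz, const char *name)
{
    return render(out, outsz, name);
}

/* Fixed: a constant format; the data is only ever an argument. */
int log_player_safe(char *out, size_t outsz, const char *name)
{
    return render(out, outsz, "%s", name);
}

/* 1 if the unsafe path alters the text at all, i.e. some '%' in name
 * was interpreted. "%%" is used as the probe because it is the only
 * directive safe to let through, and it visibly collapses to one '%'. */
int unsafe_rewrites(const char *name)
{
    char buf[128];
    log_player_unsafe(buf, sizeof buf, name);
    return strcmp(buf, name) != 0;
}

/* 1 if the safe path reproduces the name byte for byte. */
int safe_preserves(const char *name)
{
    char buf[128];
    log_player_safe(buf, sizeof buf, name);
    return strcmp(buf, name) == 0;
}

/* Input-side check worth keeping even with the fix: reject names that
 * carry any conversion other than "%%". */
int has_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {
            s++;
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    const char *probe = "player 100%% done";   /* constructed sample */
    printf("unsafe rewrites probe: %d\n", unsafe_rewrites(probe));
    printf("safe preserves probe:  %d\n", safe_preserves(probe));
    printf("has_directive(\"%%x%%x%%n\"): %d\n", has_directive("%x%x%n"));
    return 0;
}
```

The wrapper matters: compilers flag printf(user) directly (gcc's -Wformat-security), but a project's own render()-style helper without a format attribute hides the same call from that check, which is why these bugs survive in mature network code.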
This module updates an existing MSF module originally written for BlazeDVD 5.1. The new module will bypass DEP and ASLR on version 6. The original vulnerability is due to the handling of specially crafted PLF files. Exploiting this allows us to execute arbitrary code running under the context of the user.