A local attacker can execute arbitrary code as another user by exploiting improper bounds checking in the regedit.exe program. By booby-trapping a registry key and having an unsuspecting user browse it with regedit.exe, the attacker can execute an arbitrary command without the user's knowledge. The vulnerability is caused by misuse of the RegEnumValueW function in regedit.exe.
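The RegEnumValueW contract that such a caller gets wrong, as an added example that is not code from the advisory or from regedit.exe: the sim_ functions are a portable stand-in for the in/out size parameter of RegEnumValueW (no Win32 headers are used), the sample registry values are constructed, and the oversized second value stands for the kind of data a booby-trapped key would carry.

```c
/* Added example; not code from the advisory or from regedit.exe. The sim_
 * names are a constructed, portable stand-in for the RegEnumValueW in/out
 * size contract; the sample values are constructed. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SIM_ERROR_SUCCESS       0
#define SIM_ERROR_MORE_DATA     234   /* numeric value of Win32 ERROR_MORE_DATA */
#define SIM_ERROR_NO_MORE_ITEMS 259   /* numeric value of Win32 ERROR_NO_MORE_ITEMS */

#define A8 "AAAAAAAA"
static const char *const sim_values[] = {
    "Normal value",
    A8 A8 A8 A8 A8 A8 A8 A8 A8,       /* 72 bytes: far larger than a 32-byte buffer */
};
#define SIM_VALUE_COUNT (sizeof sim_values / sizeof sim_values[0])

/* Stand-in for the data/cbData half of RegEnumValueW: on entry *data_len is
 * the capacity of data[], on return it is the size the value needs. When the
 * buffer is too small nothing is written and ERROR_MORE_DATA is returned.
 * A caller that ignores that status and keeps using its fixed buffer, or
 * that passes a capacity larger than the buffer really is, has the bounds
 * checking bug the advisory describes. */
int sim_enum_value(unsigned index, char *data, size_t *data_len)
{
    if (index >= SIM_VALUE_COUNT)
        return SIM_ERROR_NO_MORE_ITEMS;
    size_t need = strlen(sim_values[index]) + 1;
    if (data == NULL || *data_len < need) {
        *data_len = need;
        return SIM_ERROR_MORE_DATA;
    }
    memcpy(data, sim_values[index], need);
    *data_len = need;
    return SIM_ERROR_SUCCESS;
}

/* Correct caller: start with a small capacity and, when the API reports that
 * the value is bigger, grow the buffer to exactly the reported size and
 * retry. The retry is bounded because a value can change size between the
 * two calls. Returns a malloc'd copy of the value or NULL; the caller frees. */
char *read_value(unsigned index)
{
    size_t cap = 32;                 /* the fixed size a naive caller stops at */
    char *buf = NULL;
    for (int attempt = 0; attempt < 4; attempt++) {
        char *tmp = realloc(buf, cap);
        if (tmp == NULL)
            break;
        buf = tmp;
        int rc = sim_enum_value(index, buf, &cap);   /* on MORE_DATA, cap = required size */
        if (rc == SIM_ERROR_SUCCESS)
            return buf;
        if (rc != SIM_ERROR_MORE_DATA)
            break;
    }
    free(buf);
    return NULL;
}

int main(void)
{
    for (unsigned i = 0; ; i++) {
        char *v = read_value(i);
        if (v == NULL)
            break;
        printf("value %u: %zu bytes\n", i, strlen(v));
        free(v);
    }
    return 0;
}
```

The point is the second call: the required size comes back through the same parameter that carried the capacity in, so a caller that does not re-read it after ERROR_MORE_DATA has no idea how much data the value actually holds.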
This module exploits a format string vulnerability in the lg_sprintf function as implemented in liblocal.dll on EMC Networker products. It triggers the flaw with a specially crafted RPC call to program number 0x5F3DD, version 0x02, procedure 0x06. This module has been tested successfully on EMC Networker 7.6 SP3 on Windows XP SP3 and Windows 2003 SP2 (DEP bypass).
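The bug class behind lg_sprintf, as an added example that is not EMC Networker code: lg_sprintf_sim is a constructed stand-in for a logging sprintf wrapper, log_unsafe shows the vulnerable pattern (untrusted data used as the format string), log_safe the fix, and count_directives what the unsafe path would interpret. The sample input is constructed.

```c
/* Added example; not EMC Networker code. lg_sprintf_sim and the other
 * names are constructed stand-ins for the vulnerable wrapper. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a logging sprintf wrapper. */
static int lg_sprintf_sim(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable: the attacker-controlled string *is* the format. "%x" and "%s"
 * read stack slots, "%n" writes a counter to an address taken from the
 * stack, which is how a format string bug turns into code execution.
 * Calling this with input that contains directives is undefined behaviour,
 * so the demo only ever runs it on benign text. */
int log_unsafe(char *out, size_t cap, const char *untrusted)
{
    return lg_sprintf_sim(out, cap, untrusted);
}

/* Fixed: a constant format, with the untrusted data passed as the argument
 * of "%s" so that any '%' it contains is copied literally. */
int log_safe(char *out, size_t cap, const char *untrusted)
{
    return lg_sprintf_sim(out, cap, "%s", untrusted);
}

/* Number of conversion directives a format parser would act on; "%%" is an
 * escaped percent sign and is not counted. Useful as a pre-check when a
 * format string must, for legacy reasons, arrive from outside. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {       /* literal percent, skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    char buf[64];
    const char *attacker = "%x%x%x%n";    /* constructed sample input */
    log_safe(buf, sizeof buf, attacker);
    printf("safe path logged literally: %s (%d directives not interpreted)\n",
           buf, count_directives(attacker));
    return 0;
}
```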
The method used to obfuscate and protect the HTML source of web pages that use Web Protector is flawed and may be easily reversed. This weakness can be exploited to disclose sensitive information contained in the HTML source, or to reveal the HTML source itself.
The vulnerability is caused by an input validation issue in the 'ext.dll' component of BadBlue. A remote attacker can exploit this vulnerability by sending a specially crafted request to the server. By causing '.hts' files to be interpreted by the server, the attacker can execute administrative commands without authorization.
Several cross-site scripting vulnerabilities have been reported for eZ Publish. They are due to insufficient sanitization of user-supplied data submitted to eZ Publish. Exploitation may allow theft of cookie-based authentication credentials or other attacks.
Under certain circumstances, Vignette StoryServer may reveal stack memory content. A specially crafted request for a page that accepts user-supplied data can trigger an error state, which will result in a dump of the current stack contents being returned to the attacker's browser within an error message. This information can be used to mount further attacks against the system.
A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, an anonymous user may be able to corrupt sensitive locations in memory. Successful exploitation of this issue could allow an attacker to execute arbitrary code with the privileges of the Samba process.
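The bug class in the Samba advisory, as an added example that is not Samba code: a client-supplied length field followed by data that is copied into a static buffer. The packet layout (2-byte little-endian length, then data), the buffer size and the sample packets are all constructed for this example. copy_unchecked is the vulnerable pattern and is only run on well-formed input, since running it on an oversized packet is undefined behaviour; copy_checked is the hardened form, which validates the declared length both against the buffer and against the bytes actually received.

```c
/* Added example; not Samba code. The packet format, BUF_CAP and the sample
 * packets are constructed for the example. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 64
static char g_static_buf[BUF_CAP];     /* the static destination buffer */

static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Build a packet into out[]. `declared` may differ from data_len on purpose
 * so a lying length field can be tested. Returns the packet size, 0 if it
 * does not fit. */
size_t make_packet(uint8_t *out, size_t out_cap, uint16_t declared,
                   const uint8_t *data, size_t data_len)
{
    if (out_cap < 2 + data_len)
        return 0;
    out[0] = (uint8_t)(declared & 0xff);
    out[1] = (uint8_t)(declared >> 8);
    memcpy(out + 2, data, data_len);
    return 2 + data_len;
}

/* Vulnerable: trusts the length field entirely. */
size_t copy_unchecked(const uint8_t *pkt, size_t pkt_len)
{
    (void)pkt_len;
    uint16_t n = rd_le16(pkt);
    memcpy(g_static_buf, pkt + 2, n);   /* writes past g_static_buf when n > BUF_CAP */
    return n;
}

/* Hardened: the declared length must fit the buffer (leaving room for a
 * terminator) and must not exceed the bytes actually received. Returns the
 * bytes copied, or 0 for a malformed or oversized packet. */
size_t copy_checked(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 2)
        return 0;
    uint16_t n = rd_le16(pkt);
    if (n >= BUF_CAP)
        return 0;                       /* would not fit with the NUL */
    if ((size_t)n > pkt_len - 2)
        return 0;                       /* length field claims data that is not there */
    memcpy(g_static_buf, pkt + 2, n);
    g_static_buf[n] = '\0';
    return n;
}

int main(void)
{
    uint8_t pkt[300];
    uint8_t big[200];
    memset(big, 'A', sizeof big);
    size_t len = make_packet(pkt, sizeof pkt, 5, (const uint8_t *)"hello", 5);
    printf("well-formed: copied %zu bytes -> \"%s\"\n", copy_checked(pkt, len), g_static_buf);
    len = make_packet(pkt, sizeof pkt, 200, big, sizeof big);
    printf("oversized:   copied %zu bytes (rejected)\n", copy_checked(pkt, len));
    return 0;
}
```

Both checks matter: the first keeps the copy inside the static buffer, the second stops a short packet with a large declared length from pulling whatever follows the received bytes in memory into the buffer.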
This exploit takes advantage of a stack-based buffer overflow in BigAnt Server version 2.52 SP5 and bypasses Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). It overwrites the Structured Exception Handling (SEH) handler with the address of a Return-Oriented Programming (ROP) gadget. The ROP chain then sets up and executes a VirtualAlloc() call via PUSHAD to make the shellcode's memory executable, after which the shellcode runs.
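How the PUSHAD step turns register contents into a VirtualAlloc() call, as an added example that is not the BigAnt exploit module: PUSHAD pushes EAX, ECX, EDX, EBX, the original ESP, EBP, ESI and EDI in that order, so after the RETN that follows it the pushed frame reads, from the top of the stack down, as a ROP NOP, the VirtualAlloc address, a return address and the four stdcall arguments. The register-to-argument mapping used below is the common mona.py-style layout and is an assumption about this module, not something the advisory states; the gadget addresses and the stack address are placeholders, not addresses from the target.

```c
/* Added example; not the BigAnt exploit module. Register-to-argument
 * mapping is the common mona.py-style VirtualAlloc chain (an assumption);
 * all addresses are constructed placeholders. */
#include <stdint.h>
#include <stdio.h>

struct regs { uint32_t eax, ecx, edx, ebx, esp, ebp, esi, edi; };

/* Placeholder gadget and pointer values (constructed, not from the target). */
#define GADGET_RETN          0x11110001u  /* RETN: a ROP NOP */
#define ADDR_VIRTUALALLOC    0x22220002u  /* resolved address of VirtualAlloc */
#define GADGET_PUSH_ESP_RET  0x33330003u  /* "push esp ; ret": returns into the stack */
#define NOP_SLED             0x90909090u

/* Emulate PUSHAD into a 32-bit stack array. stack[] is indexed by dword and
 * sp is the dword index ESP points at; the function returns the new sp.
 * The order is the x86 definition, and the ESP value pushed is the one
 * from before the push (r->esp holds the placeholder stack address). */
int pushad(const struct regs *r, uint32_t *stack, int sp)
{
    stack[--sp] = r->eax;
    stack[--sp] = r->ecx;
    stack[--sp] = r->edx;
    stack[--sp] = r->ebx;
    stack[--sp] = r->esp;
    stack[--sp] = r->ebp;
    stack[--sp] = r->esi;
    stack[--sp] = r->edi;
    return sp;
}

/* What happens after "PUSHAD # RETN": the RETN consumes the EDI slot (a RETN
 * gadget, so execution continues), that gadget's RETN consumes the ESI slot
 * and lands in VirtualAlloc, and VirtualAlloc then finds its return address
 * and its four stdcall arguments in the remaining pushed registers. After
 * VirtualAlloc's "ret 10h", ESP points at the EAX slot; "push esp ; ret"
 * returns there, so the NOP sled in EAX runs and falls into the shellcode
 * that the exploit places right after the frame. */
struct va_call {
    uint32_t ret_addr;     /* from EBP: where VirtualAlloc returns to */
    uint32_t lp_address;   /* from the pushed ESP: the stack page to make executable */
    uint32_t dw_size;      /* from EBX */
    uint32_t fl_alloc;     /* from EDX: MEM_COMMIT */
    uint32_t fl_protect;   /* from ECX: PAGE_EXECUTE_READWRITE */
};

struct va_call decode_frame(const uint32_t *stack, int sp)
{
    struct va_call c;
    /* stack[sp] = EDI (RETN), stack[sp + 1] = ESI (VirtualAlloc) */
    c.ret_addr   = stack[sp + 2];
    c.lp_address = stack[sp + 3];
    c.dw_size    = stack[sp + 4];
    c.fl_alloc   = stack[sp + 5];
    c.fl_protect = stack[sp + 6];
    return c;
}

/* Register state the POP gadgets of the chain establish before PUSHAD. */
struct regs chain_registers(uint32_t esp)
{
    struct regs r;
    r.eax = NOP_SLED;             /* executed once VirtualAlloc returns into the frame */
    r.ecx = 0x40;                 /* PAGE_EXECUTE_READWRITE */
    r.edx = 0x1000;               /* MEM_COMMIT */
    r.ebx = 0x1;                  /* dwSize; VirtualAlloc rounds up to a page */
    r.esp = esp;                  /* becomes lpAddress automatically */
    r.ebp = GADGET_PUSH_ESP_RET;  /* return address for VirtualAlloc */
    r.esi = ADDR_VIRTUALALLOC;
    r.edi = GADGET_RETN;
    return r;
}

int main(void)
{
    uint32_t stack[16] = {0};
    struct regs r = chain_registers(0x0012ff40u);   /* placeholder stack address */
    int sp = pushad(&r, stack, 16);
    struct va_call c = decode_frame(stack, sp);
    printf("VirtualAlloc(lpAddress=0x%08x, dwSize=%u, flAllocationType=0x%x, flProtect=0x%x) "
           "returning to 0x%08x\n", c.lp_address, c.dw_size, c.fl_alloc, c.fl_protect, c.ret_addr);
    return 0;
}
```

Seen this way, the only purpose of the POP gadgets before PUSHAD is to arrange the eight registers so that one instruction lays down a complete call frame; the DEP bypass is VirtualAlloc re-protecting the page ESP points at, not anything the gadgets themselves execute.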
This exploit targets a boundary condition error in WebC that allows a remote attacker to gain unauthorized access to a vulnerable host. The exploit code carries shellcode that escalates privileges, forks a daemon process, and binds a shell to a specific port; it patches the necessary addresses and the port number into the shellcode before launching the attack.
Multiple persistent cross-site scripting vulnerabilities were found in Endpoint Protector v4.0.4.2 because the application fails to sanitize user-supplied data before it is returned to the user in responses. This can be exploited to execute arbitrary script and HTML code in a user's browser session, which may allow the attacker to steal the user's cookie and launch further attacks.