Acoustica MP3 CD Burner 4.32 is prone to a buffer-overflow vulnerability when parsing a .asx playlist file. An attacker can entice a user to open a specially crafted .asx playlist file, allowing the execution of arbitrary shellcode. This vulnerability occurs because the application fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.
The application is prone to multiple reflected cross-site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to the 'HidChannelID' and 'HidVerForPHP' POST parameters in the 'SetSmarcardSettings.php' script. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session. The application also allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
This module exploits the Drupal RESTWS module vulnerability. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. This module was tested against RESTWS 7.x with a Drupal 7.5 installation on Ubuntu Server.
This module exploits a file upload vulnerability in Tiki Wiki <= 15.1 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The issue comes from one of the third-party components, ELFinder (version 2.0). This component comes with a default example page which demonstrates file operations such as upload, remove, rename, create directory, etc. The default configuration does not enforce validations such as file extension, content-type, etc. Thus, an unauthenticated user can upload a PHP file. The exploit has been tested on Debian 8.x 64-bit and Tiki Wiki 15.1.
This exploit targets multiple stack buffer overflows and heap overflows in the psscan() function located in the ps.c file. The exploit overflows the text buffer at 5 different places and the heap at 2 places.
The vulnerability allows an attacker to include a remote file on the server, which can lead to remote code execution or unauthorized access to sensitive information.
The unquoted path vulnerability in Matrix42 Remote Control Host allows an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. By copying notepad.exe to "C:\Program Files (x86)\Matrix42" and renaming it to "Remote.exe"
The Steam directory located at C:\Program Files (x86)\Steam implements weak file permissions and allows anyone in the BUILTIN\Users Windows group to modify any file in the Steam directory and any of its child files and folders. Since Steam is a startup application by default, this makes it particularly easy to achieve lateral/vertical privilege escalation and achieve code execution against any user running the application.
This exploit allows an attacker to perform a remote SQL injection attack on cpCommerce version 1.1.0 using the category.php id_category parameter. The vulnerability can be exploited by an attacker to execute arbitrary SQL queries on the target system.
The LeadTools Raster Dialog File Object (LTRDF14e.DLL v. 14.5.0.44) is vulnerable to a remote buffer overflow exploit. This vulnerability can be exploited by an attacker to execute arbitrary code on the affected system.