The Microsoft Visual Basic 6.0 IDE crashes while parsing the project detail field when more than 1037690 characters are provided, causing a stack overflow. The data is stored as Unicode, which means that shellcode can be injected in Unicode form to escalate privileges. As soon as the stack overflows, an exception occurs and NTDLL starts handling it, which means that SEH-based exploitation will work. The offset at which the IDE crashes is mentioned above. Register EBX contains the malicious values. The memory address at which the malicious data (project detail) is dumped is 03EF0189 and onwards.
This exploit targets the LeadTools ISIS Control ltisi14E.ocx version 14.5.0.44. It takes advantage of a remote buffer overflow vulnerability in the control. When a button is clicked, the exploit triggers the vulnerability and executes arbitrary code on the target system. This vulnerability affects all software that uses this OCX.
This exploit allows an attacker to execute shell commands remotely on a system running IE 6 and Virtual CD 9.0.0.2 with vc9api.DLL version 9.0.0.57. The attacker can use this to add a new user 'sun' and add it to the 'Administrators' group using the 'net user' and 'net localgroup' commands.
The Hexchat IRC client is vulnerable to a directory traversal attack in the server name log directory. This vulnerability allows an attacker to create or modify arbitrary files on the filesystem with the permissions of the IRC client user. The vulnerability occurs when unsanitized server-provided information is injected into the file path via the 'log_insert_vars' function call. This can be triggered by connecting to a malicious server and using a special configuration with logging enabled and a pattern containing '%s' in the log filepath.
The exploit overwrites the system.ini file, potentially causing the PC to not restart. The exploit is triggered by clicking a button on a webpage and is applicable to all software that uses the LeadTools Raster Variant Object Library (LTRVR14e.dll v. 14.5.0.44).
The Avira Antivirus engine is vulnerable to a heap underflow vulnerability when parsing section headers of PE files. If a section header has a very large relative virtual address, Avira's calculation of the offset into a heap buffer wraps, allowing an attacker to write controlled data to it. This vulnerability can be exploited for remote code execution as NT AUTHORITY\SYSTEM.
This exploit targets the /zomplog-3.8/plugins/mp3playlist/mp3playlist.php?speler=[sql] endpoint on the Zomplog website. The exploit allows an attacker to perform a remote SQL injection attack. The attacker can retrieve the admin hash from the zomplog_users table by using a UNION SELECT statement. The attack is performed by appending a specially crafted SQL query to the URL.
The WordPress CP Polls 1.0.8 plugin is vulnerable to persistent cross-site scripting and CSRF attacks. The plugin does not sanitize the values of the options before saving them to the database, allowing an attacker to execute malicious actions by sending a malicious link to a WordPress administrator. The CSRF protection is also missing, making it easier for an attacker to exploit the vulnerability.
The plugin "WooCommerce - Store Toolkit" for WordPress suffers from a privilege escalation vulnerability. An attacker must have a valid user account, which is possible simply by registering on the affected website. As long as an attacker has an active account on the affected website, they can perform actions like permanently deleting posts, media, products, orders, and comments. This issue is considered a privilege escalation vulnerability.
The vulnerability allows an attacker to disclose the database of the RunawaySoft Haber portal v1.0 (tr) by accessing the /devami.asp?id=14 endpoint and injecting a UNION SELECT statement. The exposed data includes the 'sifre' field from the 'admin' table. An example exploit URL is provided.