
Explore Vulnerabilities


Explore all Exploits:

Oracle Java lookupByteBI function heap buffer overflow

The 'Java_sun_awt_image_ImagingLib_lookupByteBI' function performs a byte lookup operation on two BufferedImage objects. It maps the data in the src raster into the dst raster. The total number of bytes written to the dst raster buffer is (src->width) * (src->height); however, the function does not correctly check the size of the destination data buffer before writing.

Green Browser 6.4.0515 Heap Overflow

A heap overflow vulnerability exists in Green Browser 6.4.0515. It is triggered when a maliciously crafted HTML page is opened that contains a table with large width and span attributes. This causes a heap overflow, which can be exploited to execute arbitrary code.

OSX <= 10.8.4 Local Root Priv Escalation Root Reverse Shell

This exploit targets a local privilege escalation vulnerability in OSX versions prior to 10.8.4. It allows an attacker to gain root access to the system by exploiting a flaw in the sudo command. The exploit works by setting the system time to a specific date and time, then running the sudo command with a malicious command. The malicious command opens a reverse shell to the attacker's IP address and port, giving the attacker root access to the system.

Mac OS X Sudo Password Bypass

This module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges (the user is in the sudoers file and is in the "admin group"), and the user has ever run the "sudo" command, it is possible to become the super user by running `sudo -k` and then resetting the system clock to 01-01-1970.

AVTECH DVR multiple vulnerabilities

Multiple vulnerabilities have been found in AVTECH AVN801 DVR [1] (and potentially other devices sharing the affected firmware) that could allow a remote attacker:

1. [CVE-2013-4980] To execute arbitrary code without authentication by exploiting a buffer overflow in the RTSP packet handler.
2. [CVE-2013-4981] To execute arbitrary code without authentication by exploiting a buffer overflow in '/cgi-bin/user/Config.cgi', via a specially crafted HTTP POST request.
3. [CVE-2013-4982] To bypass the captcha of the administration login console, enabling several automated attack vectors.

SPIP connect Parameter PHP Injection

This module exploits a PHP code injection in SPIP. The vulnerability exists in the connect parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 2.0, 2.1 and 3 are affected. Vulnerable versions are <2.0.21, <2.1.16 and <3.0.3, but this module works only against branch 2.0 and has been tested successfully with SPIP 2.0.11 and SPIP 2.0.20 with Apache on Ubuntu and Fedora Linux distributions.

HP LoadRunner lrFileIOService ActiveX Remote Code Execution

This module exploits a vulnerability in the lrFileIOService ActiveX control, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileBinary method, where user-provided data is used as a memory pointer. This module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using LrWebIERREWrapper.dll 11.50.2216.0. In order to bypass ASLR, the non-ASLR-compatible module msvcr71.dll, which is installed with HP LoadRunner, is used.

VMWare Setuid vmware-mount Unsafe popen(3)

VMWare Workstation (up to and including 9.0.2 build-1031769) and Player have a setuid executable called vmware-mount that invokes lsb_release from the PATH with popen(3). Since PATH is user-controlled, and the default system shell on Debian-derived distributions does not drop privileges, an arbitrary payload can be placed in an executable called lsb_release, and vmware-mount will execute it as root.

Joomla! VirtueMart component <= 2.0.22a - SQL Injection

The vulnerability is located in the 'user' controller, 'removeAddressST' task. The 'virtuemart_userinfo_id' parameter is not properly sanitized before being used in the 'DELETE' query performed there, allowing the execution of arbitrary SQL queries. In order to exploit the vulnerability, an attacker must be authenticated as a customer in the application; however, since the system allows free account registration, this is not an obstacle.
