MS11-046 was a zero-day exploit found in the wild, reported to Microsoft by Steven Adair of the Shadowserver Foundation and Chris S. Ronnie Johndas wrote the writeup dissecting a malware sample that used this exploit. Rahul Sasi (fb1h2s) made the PoC exploit available. The exploit uses a shellcode to achieve privilege escalation: it calls PsLookupProcessByProcessId to locate the SYSTEM process, takes its token, and copies it over the current process's token.
Input passed via the 'to_userid' POST parameter to /modules/pm/pmlite.php and the 'current_file' POST parameter to /class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected website.
Input passed via the "GLOBALS[g_campsiteDir]" GET parameter to /include/phorum_load.php, /conf/install_conf.php and /conf/liveuser_configuration.php is not properly verified before being used in the require_once() function, and can be exploited to include arbitrary remote files.
All current Samsung TV and BD systems can be controlled remotely via iPad, Android and other software/devices supporting the protocol used on TCP port 55000. The vulnerabilities require only a connection to the same Ethernet/Wi-Fi network to be exploited, since the protocol is not authenticated.
The Scrutinizer web console provides a form-based login facility, requiring users to authenticate to gain access to further functionality. A tiered user access model is also used, where administrative and standard users have a different selection of permissible functions. Authentication and authorization are controlled by the cookie-based session management system. Although this is implemented in a standardized way, the session tokens are not required to perform privileged functions, such as adding users. The Scrutinizer web console is also vulnerable to a SQL injection attack. The vulnerability exists in the 'search.cgi' script, which is used to search for hosts and flows.
This exploit is for Mac Office 2008. It is a buffer overflow exploit which is triggered by a specially crafted RTF file. The exploit contains a malicious payload which is downloaded from a remote server. The payload is a DMG file which contains malicious code.
This module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When opening a specially crafted .sms file in GSM SIM Editor a stack-based buffer overflow occurs which allows an attacker to execute arbitrary code.
This module exploits a stack buffer overflow in CyberLink Power2Go version 8.x. The vulnerability is triggered when opening a malformed p2g file containing an overly long string in the 'name' attribute of the file element. This results in overwriting a structured exception handler record.
When clicking on the row count, a POST request is executed which is vulnerable to SQL injection.
An attacker can inject malicious SQL queries into the vulnerable parameter 'query' of the 'search' page of MediaXxx Adult Video / Media Script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.