Node-serialize is a Node.js library that provides an API for serializing and deserializing JavaScript objects. A vulnerability exists in the unserialize() function of the library, which allows an attacker to execute arbitrary code on the server. The vulnerability is caused by the lack of input validation when unserializing user-supplied data. An attacker can exploit this vulnerability by crafting a malicious payload and sending it to the server, where it is unserialized and executed.
CVE-2018-4878 is a use-after-free vulnerability in Adobe Flash Player 28.0.0.137 and earlier versions. The vulnerability is caused by a dangling pointer in the Primetime SDK related to video object lifetime management. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user.
CVE-2018-4878 is a vulnerability in Adobe Flash Player that allows attackers to execute arbitrary code on the target system. The vulnerability is caused by a use-after-free error in the handling of the ActionScript 3 ByteArray class. An attacker can exploit this vulnerability by convincing a user to open a specially crafted Excel file. Once opened, the malicious code will be executed on the target system.
A use-after-free vulnerability exists in the JSON.stringify() function of the JavaScript engine in Google Chrome. The vulnerability is caused by the lack of proper validation of the length of the array when creating a new array buffer. An attacker can exploit this vulnerability by creating a malicious JavaScript payload that will trigger the use-after-free condition. The payload will then be able to execute arbitrary code on the affected system.
This exploit is for Xbox-SystemOS version 10.0.14393.2152 (rs1_xbox_rel_1610 161208-1218) fre, 12/14/2016. It is not sufficient to start an .exe via shellcode. Exploiters are encouraged to be creative and find a way to invoke the Edge engine when the console is offline.
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type of filtering, which can lead to remote code execution when deserializing XML payloads.
This vulnerability is a remote code execution vulnerability in the Bluetooth stack of Android devices. It allows an attacker to execute arbitrary code on the target device by sending a malicious L2CAP packet over Bluetooth. The vulnerability affects Android versions 4.4.4 and below.
Ticketbleed is a vulnerability in F5 BIG-IP appliances that allows an attacker to read up to 31 bytes of uninitialized memory from the SSL session ticket. This vulnerability was discovered by Filippo Valsorda and was assigned CVE-2016-9244. It affects F5 BIG-IP versions 11.6.0 through 11.6.1, 12.0.0 through 12.1.2, and 13.0.0 through 13.1.1.
This exploit is a telnet backdoor exploit which allows an attacker to gain access to a system by writing a shell script to a writable directory on the host and then attempting to connect to the newly-created backdoor.
This exploit is a proof-of-concept (PoC) for a buffer overflow vulnerability in the Huawei Mate7 hifi driver. The vulnerability is triggered when the ioctl HIFI_MISC_IOCTL_WRITE_PARAMS is called with a large input buffer, which can lead to a buffer overflow. This can be exploited to execute arbitrary code.