The vulnerability allows the working user group to inject SQL commands into the vulnerable parameter of the application. A Proof of Concept is provided in the text.
A buffer overflow vulnerability exists in the Hostname/IP field of DSScan v1.0, which allows an attacker to overwrite the SEH frame and execute arbitrary code. The vulnerability is caused by a boundary error when handling user-supplied input: by sending a specially crafted request, an attacker can cause a stack-based buffer overflow that overwrites the SEH frame and leads to arbitrary code execution.
An SEH overwrite vulnerability exists in MyDoomScanner 1.00 when maliciously crafted input is supplied to the Hostname/IP field. This can be exploited to execute arbitrary code by overwriting the SEH handler with a malicious payload.
The vulnerability allows an attacker to inject SQL commands into vulnerable parameters of the web application. Proof of Concept examples are provided in the text.
The attached JavaScript file causes an out-of-bounds access of the source buffer when fetching the source for one of the functions during delayed compilation. The out-of-bounds value is then treated as the pointer to the source, which is likely an exploitable condition.
The attached fuzzed swf file causes the traits of an ActionScript object to be accessed out of bounds. This can lead to exploitable type confusion.
This vulnerability is a type confusion vulnerability in Microsoft Edge. It occurs when the function 'func(a, b, i)' is replaced with 'func(a, b, {})'. This allows an attacker to create a type confusion between an array and an object, which can be used to corrupt memory and potentially execute arbitrary code. The vulnerability was tested on Microsoft Edge 40.15063.0.0 (Insider Preview).
The bytecode generator uses the "EmitNew" function to handle new operators. The function's integer-overflow check is "if (argCount != (Js::ArgSlot)argCount)". Since "Js::ArgSlot" is a 16-bit unsigned integer type and "argCount" is itself of type "Js::ArgSlot", the cast changes nothing and the comparison is always false, so the check is pointless: it cannot prevent the integer overflow at all. The PoC code creates an array with 0x10000 elements and fills it with 0x1234.
A use-after-free vulnerability exists in the Parser::ParseFncFormals function of the ChakraCore JavaScript engine, due to the lack of proper validation of the 'arguments' property when the 'PNodeFlags::fpnArguments_overriddenInParam' flag is set. An attacker can exploit this vulnerability by passing crafted JavaScript code to the vulnerable function, resulting in a use-after-free condition.
The vulnerability exists in the ParseVariableDeclaration function of the Parser class, which is used for parsing declarations. The code uses the 'm_currentNodeFunc' variable regardless of the 'buildAST' boolean, which may modify the 'grfpn' flags of the wrong function. This can lead to the 'PNodeFlags::fpnArguments_overriddenByDecl' flag being set on that function, leaving its arguments uninitialized. A proof-of-concept exploit is provided, which can be used to trigger the vulnerability.