This exploit is for testing and educational purposes only. It creates a malicious MP4 file with an 'stco' atom, 'stsz' atom, 'stts' atom, 'stsc' atom and 'stss' atom. If the caller desires, an entry is added to the 'stsc' atom to trigger the vulnerability and cause a heap overflow.
Multiple use-after-free vulnerabilities were discovered in session deserializer (php/php_binary/php_serialize) that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.
A use-after-free vulnerability was discovered in unserialize() with SplObjectStorage object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.
A use-after-free vulnerability was discovered in unserialize() with GMP object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.
A use-after-free vulnerability was discovered in unserialize() with SplDoublyLinkedList object's deserialization and crafted object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.
auto-exchanger version 5.1.0 suffers from an xsrf vulnerability, attacker is able to abuse of this vulnerability to change password by a hidden iframe in another page.
The Qlikview platform is vulnerable to XML External Entity (XXE) vulnerabilities. More specifically, the platform is susceptible to DTD parameter injections, which are also 'blind' as the server feeds back no visual response. These vulnerabilities can be exploited to force Server Side Request Forgeries (SSRF)in multiple protocols, as well as reading and extracting arbitrary files on the server directly.
DirectAdmin is a graphical web-based web hosting control panel designed to make administration of websites easier. DirectAdmin suffers from cross site request forgery and cross site scripting vulnerabilities. Exploit 1 allows users to create new files and edit existing files, Exploit 2 allows users to create new folders, and Exploit 3 allows users to rename files.
Advantech WebAccess is a SCADA software used to remotely manage Industrial Control systems devices like RTU's, Generators, Motors etc. Attackers can execute code remotely by passing maliciously crafted string to ConvToSafeArray API in ASPVCOBJLib.AspDataDriven ActiveX. The vulnerability exists due to a buffer overflow in the AspVCObj.dll library when handling specially crafted arguments passed to the UpdateProject and InterfaceFilter functions.
A local privilege escalation vulnerability exists in IBM AIX High Availability Cluster Multiprocessing (HACMP) due to a lack of proper input validation. An attacker can exploit this vulnerability by creating a malicious su binary in the /tmp directory and setting the PATH environment variable to /tmp. The attacker can then execute the clpasswd utility, which will execute the malicious su binary, resulting in a root shell.
Services By CQR