A remote crash vulnerability exists in Internet Explorer 11 due to a use-after-free error when handling a specially crafted web page. An attacker can exploit this vulnerability to cause a denial of service condition in the affected application.
Installation of delegate 9.9.13 sets some binaries setuid root; at least one of these binaries can be used to escalate the privileges of a local user. The binary dgcpnod creates a node allowing a local unprivileged user to create files anywhere on disk. By creating a file in /etc/cron.hourly a local user can execute commands as root.
FTPShell Client version 5.24 is vulnerable to a buffer overflow in the 'Address' input field used to connect to an FTP server. By supplying a maliciously crafted string of data, an attacker can overwrite several registers on the stack and control program execution flow. This can lead to local arbitrary code execution.
A local overflow exists in the kitty.ini file used by KiTTY portable. Writing a 1048-byte string into the kitty.ini file causes an overflow that makes KiTTY crash. At the time of the crash, EIP is overwritten at offset 1036. As all DLLs are ASLR and DEP protected, and rebased, we can only use kitty_portable.exe addresses, which start with a NULL byte. Successful exploitation allows running local executables on Windows 8.1 and Windows 10.
A local overflow exists in the kitty.ini file used by KiTTY portable. Writing a 1048-byte string into the kitty.ini file causes an overflow that makes KiTTY crash. At the time of the crash, EIP is overwritten at offset 1036. As all DLLs are ASLR and DEP protected, and rebased, we can only use kitty_portable.exe addresses, which start with a NULL byte. Successful exploitation will grant an attacker a reverse shell on Windows 7 Pro x64.
A local overflow exists in the session file used by KiTTY portable, in the HostName parameter. It is possible to write an overly long string to trigger an overflow. It can be used to trigger code execution on Windows XP SP3, or to crash the program from Windows 7 to Windows 10. It has been tested with KiTTY portable 0.65.0.2p/0.65.0.3p/0.65.1.1p, but earlier versions are likely to be vulnerable too.
AccessDiver is vulnerable to multiple buffer overflows; two vectors are described below. The first vector is a buffer overflow at 2073 bytes in the URL field for the Server/IP address. This will overwrite the NSEH and SEH exception handlers. The second vector is a buffer overflow when loading a malicious "Exploit zone file" text file containing 2080 bytes. This can be triggered by loading the text file from the "Weak History" menu, choosing "Import from File" and then selecting the exploit text file.
EasyCafe Server has a feature to upload a file from the server to a client. The request works as follows: EasyCafe Server sends a UDP request to the client naming the file it wants to upload; the client then receives the packet, connects to the server on port 831, sends the directory of the file, and receives it. The problem is that a remote attacker can connect to port 831 and retrieve a file because the server doesn't validate the request and does not check whether it has sent the UDP request, which gives us full read access to the system.
Rips Scanner 0.5 is vulnerable to Local File Inclusion. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'file' parameter of the 'code.php' script. An attacker can exploit this vulnerability to include arbitrary files from the web server and execute arbitrary code in the context of the web server process. The attacker can also include and execute arbitrary local files on the web server.
A remote code execution vulnerability exists in Beezfud due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary code on the server.