
Explore Vulnerabilities


Explore all Exploits:

Netatalk Authentication Bypass

This exploit was written against a Netatalk build compiled for an x86_64 Seagate NAS; the addresses it uses will need to be changed for a different target. The exploit overwrites the commands pointer with the base address of preauth_switch and then sends a request to the server carrying the request and its data.

McAfee Foundstone SQLScan – Denial of Service (PoC) and EIP record overwrite

A denial of service vulnerability exists in McAfee Foundstone SQLScan due to a buffer overflow when the content of SQLScan_Crash.txt is copied into the 'Hostname/IP' field. An attacker can trigger it by running SQLScan, copying the content of SQLScan_Crash.txt into the 'Hostname/IP' field, and clicking the '->' button, which crashes the application.

ZeusCart 4.0 Deactivate Customer Accounts CSRF

Because the form is not validated, ZeusCart 4.0 suffers from a Cross Site Request Forgery vulnerability: an attacker can perform actions on behalf of a victim by having the victim visit an attacker-controlled site. In this case, the attacker is able to 'deactivate' any customer account, meaning the account is banned and can no longer log in.

AnyBurn 4.3 – Local Buffer Overflow (SEH Unicode)

AnyBurn 4.3 contains a local buffer overflow that is triggered when a maliciously crafted file is opened; it can be exploited to execute arbitrary code in the context of the application. The flaw is caused by a lack of proper validation of user-supplied data and lies in the 'Copy disk to Image' feature. An attacker crafts a malicious file and copies it to the clipboard; when the 'Copy disk to Image' feature is used, the malicious content is opened, resulting in a buffer overflow and arbitrary code execution.

VBScript Execution in MSXML xsl Files

The VBScript execution policy does not appear to cover VBScript code in MSXML xsl files, which can still execute VBScript even when loaded from the Internet Zone. To demonstrate, place the files in the attached archive on a web server in the Internet zone and open index.html. If successful, the text 'Hello from VBscript' is rendered on the page.

Reference Leak in Microsoft VBScript

The VbsErase function resets and frees the contents of a VBScript array. When it is called on a VBScript variable of array type, it follows a sequence of steps that can lead to a use-after-free if a user-defined callback runs during the SafeArrayDestroyData step.

Base64 Decoder 1.1.2 – Local Buffer Overflow (SEH)

Base64 Decoder 1.1.2 contains a local buffer overflow that is triggered when a specially crafted file is decoded. It can be exploited to execute arbitrary code by corrupting the SEH chain and overwriting the return address with a malicious payload.

LanSpy 2.0.1.159 – Local Buffer Overflow (SEH) (Egghunter)

LanSpy 2.0.1.159 contains a local buffer overflow that is triggered when a specially crafted payload is sent to the application. It can be exploited to execute arbitrary code by overwriting the SEH handler with a pointer to the egghunter payload.

PDF Explorer SEH Local Exploit

This is a SEH local exploit for PDF Explorer. The underlying issue was originally discovered by Gionathan 'John' Reale (as a DoS). The exploit author is Achilles and it was published on 18-12-2018. The vendor homepage is http://www.rttsoftware.com/ and the software link is https://www.rttsoftware.com/files/PDFExplorerTrialSetup.zip. The tested version is 1.5.66.2, tested on Windows XP SP3. The exploit involves running the Python code, opening EVIL.txt and copying its content to the clipboard, opening PDF Explorer, clicking 'Database' > 'Custom fields settings...', and pasting the content of EVIL.txt into the 'Label' field, after which the calculator opens.
