sNews is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
The vulnerability allows an attacker to execute arbitrary code in the context of the user running an affected application. It occurs due to inadequate validation of user-supplied data in Mozilla Firefox, Thunderbird, and SeaMonkey.
This is a proof-of-concept exploit for a local buffer overflow vulnerability in PHP versions <= 4.4.6. The vulnerability exists in the ibase_connect() and ibase_pconnect() functions. The exploit targets Windows 2000 SP3 EN and utilizes a SEH overwrite technique. The exploit was created by rgod.
An attacker can exploit this issue to cause the affected application to crash, denying service to legitimate users.
The VLC media player is prone to a remote code-execution vulnerability. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
An attacker can exploit this vulnerability by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted DLL file.
This module exploits a stack buffer overflow in HP Network Node Manager I (NNMi). The vulnerability exists in the pmd service, due to the insecure usage of functions like strcpy and strcat while handling stack_option packets with user-controlled data. To bypass ASLR, this module uses a proto_tbl packet to leak a libov pointer from the stack, and then builds a ROP chain to bypass NX.
This module exploits the code injection flaw known as Shellshock, which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication.
This exploit bypasses all protections in EMET 5.0 and 4.1 except DEP.