The application suffers from a stack-based buffer overflow vulnerability when parsing large amount of bytes to the 'sourceFile' string parameter in PackFile() and UnpackFile() functions in 'Netwrix.Common.CollectEngine.dll' library, resulting in stack overrun overwriting several registers including the SEH chain. An attacker can gain access to the system of the affected node and execute arbitrary code.
The Kaltura platform contains a number of vulnerabilities, allowing unauthenticated users to execute code, read files, and access services listening on the localhost interface. Vulnerabilities present in the application also allow authenticated users to execute code by uploading a file, and perform stored cross site scripting attacks from the Kaltura Management Console into the admin console. Weak cryptographic secret generation allows unauthenticated users to bruteforce password reset tokens for accounts, and allows low level users to perform privilege escalation attacks.
This is a minimized proof-of-concept for a CSS Injection vulnerability.
This exploit allows an attacker to retrieve the last valid session ID for being an admin or inject a shell with the INTO OUTFILE command.
A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages. While processing specially crafted messages, attacker controlled data on the heap is written out of bounds. No special user interaction or authorization is necessary in default configurations.
This exploit allows an attacker to bypass the authentication of the Hidden Administrator account on a Windows XP system. The exploit requires the attacker to have access to a TFTP server and the victim's IP address. By uploading files to the victim's system, the attacker can gain unauthorized access to the Hidden Administrator account.
A local Windows administrator is able to bypass the security restrictions and disable the antivirus engine without knowing the correct management password
This vulnerability allows remote attackers to include arbitrary files and execute malicious code by exploiting the 'connect.php' and 'startup.php' files in SunLight CMS 5.3 and below. The vulnerability exists due to the lack of proper input validation and sanitization in the affected files, which allows an attacker to manipulate the 'root' parameter and include arbitrary files from a remote server.
This exploit takes advantage of a stack-based buffer overflow vulnerability in the LeadTools Thumbnail Browser Control (lttmb14E.ocx v. 14.5.0.44) to execute arbitrary code.
This exploit allows an attacker to overflow the stack buffer in the LeadTools JPEG 2000 COM Objejct (LTJ2K14.ocx) component, leading to remote code execution. The exploit opens the calculator (calc.exe) as a proof of concept.