
Explore Vulnerabilities

Explore all Exploits:

Multiple vulnerabilities in Novell Service Desk 7.1.0, 7.0.3 and 6.5

Novell Service Desk has several vulnerabilities including a file upload function that can be exploited to achieve authenticated remote code execution. The product appears to be a rebranded version of Absolute Service (another help desk system). The latter has not been tested but it is likely to contain the same vulnerabilities as Novell Service Desk.

CAM UnZip Archive Path Traversal

CAM UnZip does not check the paths of files in an archive for path traversal when extracting it. Specially crafted archive entries containing '..' in the file name can backtrack to overwrite files on the filesystem, or allow attackers to place malicious files on the system outside of the target unzip directory, which may lead to remote command execution.

CSRF – MySQL / PHP.INI Hijacking

WPN-XM's web interface has multiple CSRF entry points, allowing remote attackers to compromise an authenticated user who visits a malicious webpage or clicks an attacker-supplied link. Attackers can modify the 'PHP.INI' file to change arbitrary PHP settings, such as enabling 'allow_url_include', or change the default MySQL username and password settings.

TALOS-2016-0088_poc

This is a Proof-of-Concept exploit for the Apple Intel HD 3000 Graphics driver. The vulnerability allows for local privilege escalation, resulting in root access. The exploit takes advantage of a vulnerability in the AppleIntelHD3000Graphics driver 10.0.0, allowing control of a specific function call.

Privilege Escalation in Panda Security 2016 Home User products for Windows

The Panda Security 2016 Home User products for Windows are vulnerable to privilege escalation, allowing a local attacker to execute code as SYSTEM from any account (Guest included), thus completely compromising the affected host.

IE 6 / Pegasus ImagN’ ActiveX Control (IMW32O40.OCX V4.00.041) remote buffer overflow exploit

This exploit targets the Filename property of the Pegasus ImagN' ActiveX Control, causing a remote buffer overflow. The exploit overwrites SEH pointers and several vulnerable functions, including BeginReport, CreatePictureExA, DefineImage, DefineImageEx, DefineImageFox, CopyBufToClipExA, LoadEx, and LoadFox. The exploit is designed for Windows XP SP2 IT version using the EIP overwrite method. The author of this exploit is rgod.

Invalid memory write in phar on filename with \0 in name

This exploit allows an attacker to perform an invalid memory write in phar on a filename with \0 in the name. The vulnerability occurs when creating a Phar object with a test file that contains a null byte in the name. By manipulating the file contents, an attacker can trigger the invalid memory write and potentially execute arbitrary code.

Lame Internet Information Server 6.0 Denial Of Service (nonpermanent)

When sending multiple parallel GET requests to an IIS 6.0 server requesting /AUX/.aspx, the server becomes unstable and non-responsive. This only happens to servers that respond with a runtime error (System.Web.HttpException) and take two or more seconds to respond to the /AUX/.aspx GET request.

Recent Exploits: