The exploit triggers a heap-buffer-overflow in FreeType, specifically in the tt_sbit_decoder_load_bit_aligned function in ttsbit.c file. It has been reproduced with the current version of freetype2 from the master git branch, with a 64-bit build of the ftbench utility compiled with AddressSanitizer.
This module exploits an arbitrary file upload vulnerability in the WordPress Ajax Load More version 2.8.1.1. It allows for the upload of arbitrary php files and allows for remote code execution. The vulnerability has been tested successfully on WordPress Ajax Load More 2.8.0 with Wordpress 4.1.3 on Ubuntu 12.04/14.04 Server.
The 'AddFile' method in the Versalsoft HTTP File Uploader (UFileUploaderD.dll) is vulnerable to a buffer overflow. This can be exploited by sending a specially crafted request, causing the application to crash and potentially allowing for code execution.
Corda Highwire is prone to a path disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.
Persistent & reflected XSS entry points exist allowing arbitrary client side browser code execution on victims who click our infected linx or visit persistently stored XSS payloads. XSS strings seem to get filtered, yet we can defeat that using JS String.fromCharCode() functions.
The vulnerability allows an attacker to include a remote file by manipulating the 'friendly_path' parameter in the specified URLs. This can lead to remote code execution and unauthorized access to the server.
The vulnerability allows an attacker to include a remote file in the application's code, which can lead to arbitrary code execution.
The vulnerability occurs in the handling of the 'cmap' (format 14) SFNT table in FreeType. It allows for heap-based out-of-bounds memory reads. The issue has been reproduced using the current version of freetype2 with a 64-bit build of the ftbench utility compiled with AddressSanitizer. Three proof-of-concept (POC) files triggering the conditions are attached.
The wfquotes module in Xoops v1.0 0 allows remote attackers to execute arbitrary SQL commands via the op parameter in the index.php script.
The Python 2.7 strop.replace() method suffers from an integer overflow that can be exploited to write outside the bounds of the string buffer and potentially achieve code execution. The issue can be triggered by performing a large substitution that overflows the arithmetic used in mymemreplace() to calculate the size of the new string.