A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages. While processing specially crafted messages, attacker controlled data on the heap is written out of bounds. No special user interaction or authorization is necessary in default configurations.
This exploit allows an attacker to bypass the authentication of the Hidden Administrator account on a Windows XP system. The exploit requires the attacker to have access to a TFTP server and the victim's IP address. By uploading files to the victim's system, the attacker can gain unauthorized access to the Hidden Administrator account.
A local Windows administrator is able to bypass the security restrictions and disable the antivirus engine without knowing the correct management password
This vulnerability allows remote attackers to include arbitrary files and execute malicious code by exploiting the 'connect.php' and 'startup.php' files in SunLight CMS 5.3 and below. The vulnerability exists due to the lack of proper input validation and sanitization in the affected files, which allows an attacker to manipulate the 'root' parameter and include arbitrary files from a remote server.
This exploit takes advantage of a stack-based buffer overflow vulnerability in the LeadTools Thumbnail Browser Control (lttmb14E.ocx v. 14.5.0.44) to execute arbitrary code.
This exploit allows an attacker to overflow the stack buffer in the LeadTools JPEG 2000 COM Objejct (LTJ2K14.ocx) component, leading to remote code execution. The exploit opens the calculator (calc.exe) as a proof of concept.
This is a local Proof of Concept (PoC) exploit for AIM version 5.5.3595. It exploits a buffer overflow vulnerability in the AIM software and allows an attacker to execute arbitrary code on the target system. The exploit creates a bindshell on port 1180 and can be triggered by supplying a command-line argument. If no argument is provided, it prints the URL. This exploit is NT universal, meaning it can be used on Windows NT-based systems.
This vulnerability allows an attacker to include local files on the server by manipulating the 'lang' parameter in the 'index.php' file. By using a relative path traversal technique, an attacker can access sensitive files such as the '/etc/passwd' file. This vulnerability affects all files within the MolyX BOARD 2.5.0 web application.
Extra User Details plugin for WordPress suffers from a Privilege Escalation vulnerability. The plugin hooks the eud_update_ExtraFields function to profile_update WordPress action. This function doesn't properly check user capabilities and updates all meta information passed to post data. An attacker can exploit this misbehavior to gain administrative privileges.
There needs to be an mp4 file with these nested atoms to trigger the bug: moov -> trak -> mdia -> hdlr
Services By CQR