The CreateObjectTask scheduled task initializes a user-accessible system COM service which allows you to instantiate the SettingsSyncDiagnostics COM object. This object doesn’t take the caller into account when copying log files, leading to EoP.
The CreateObjectTask scheduled task initializes a user-accessible system COM service which allows you to instantiate the TileUserBroker COM object. This object doesn’t take the caller into account when writing and deleting files, leading to EoP.
The psipuss version 1.0 script allows an attacker to disclose sensitive user information by manipulating the 'Uid' parameter in a SQL query. This vulnerability can be exploited to retrieve arbitrary user data from the database.
This is a proof of concept exploit for Melange Chat Server 1.10. The exploit allows an attacker to control the EIP (Extended Instruction Pointer) and execute arbitrary code. The exploit code has been tested on Suse 8.0 and RH 7.3. The exploit uses a shellcode provided by Irian. The exploit requires the target host, ret address in hex, and port as input parameters.
This vulnerability allows an attacker to execute arbitrary code by injecting malicious scripts into certain parameters of the Openfire application. The persistent XSS occurs when creating a Group Chat Bookmark or URL Bookmark, while the reflected XSS occurs in the search parameter. The exploit code provided demonstrates how to inject the payloads and execute the code.
A memory leak vulnerability exists in Real Player 10 Gold. This vulnerability can be exploited to cause a denial of service (DoS) condition on the target system. It is important to note that testing this exploit may result in the loss of data, and other applications may fail upon execution.
A vulnerability has been detected in the WordPress cp reservation calendar Plugin v1.6. The vulnerability allows remote attackers to inject SQL commands. The SQL injection vulnerability is located in the dex_reservations.php file. Remote attackers are able to execute their own SQL commands by manipulating requested parameters. The security risk of the SQL injection vulnerability is estimated as high, with a CVSS (Common Vulnerability Scoring System) score of 8.6. Exploitation of the remote SQL injection web vulnerability requires no user interaction or privileged web-application user account. Successful exploitation of the remote SQL injection results in database management system, web-server and web-application compromise.
This exploit allows an attacker to include a remote file in the target system's index.php file. The attacker can then execute malicious code from the included file.
IKEView.exe is vulnerable to a local stack-based buffer overflow when parsing a malicious (Internet Key Exchange) ".elg" file. The vulnerability causes nSEH & SEH pointer overwrites at 4432 bytes after IKEView parses our malicious file, which may then result in execution of arbitrary attacker-supplied code.
The plugin allows a WordPress site administrator or collaborator to download arbitrary files from the host file system through the plugin functionality for downloading .sql, .sql.zip or .sql.gz files created by the WordPress administrator. The file name to download is not sanitized, and path traversal can be injected in the request.