Persistent and reflected XSS entry points exist, allowing arbitrary client-side code execution in the browsers of victims who click our infected links or visit persistently stored XSS payloads. XSS strings seem to get filtered, yet we can defeat that using JS String.fromCharCode() functions.
The vulnerability allows an attacker to include a remote file by manipulating the 'friendly_path' parameter in the specified URLs. This can lead to remote code execution and unauthorized access to the server.
The vulnerability allows an attacker to include a remote file in the application's code, which can lead to arbitrary code execution.
The vulnerability occurs in the handling of the 'cmap' (format 14) SFNT table in FreeType. It allows for heap-based out-of-bounds memory reads. The issue has been reproduced using the current version of freetype2 with a 64-bit build of the ftbench utility compiled with AddressSanitizer. Three proof-of-concept (POC) files triggering the conditions are attached.
The wfquotes module in Xoops v1.0 0 allows remote attackers to execute arbitrary SQL commands via the op parameter in the index.php script.
The Python 2.7 strop.replace() method suffers from an integer overflow that can be exploited to write outside the bounds of the string buffer and potentially achieve code execution. The issue can be triggered by performing a large substitution that overflows the arithmetic used in mymemreplace() to calculate the size of the new string.
The Python 2.7 array.fromstring() method suffers from a use-after-free caused by unsafe realloc use. The issue is triggered when an array is concatenated to itself via a fromstring() call.
The Python 2.7 hotspot module suffers from a heap buffer overflow due to a memcpy in the pack_string function.
This exploit allows an attacker to create a file called buffer.txt, open it in the Gold Player application, and gain control of a bind TCP port at 4444. The exploit involves executing a Python script, copying the contents of buffer.txt, and pasting them into the Gold Player application. The exploit has been tested on Windows 8.1 Pro and Windows 7 Ultimate.
If TCPing is called with a specially crafted command-line argument, it causes an exception and overwrites the pointer to the next SEH record and the SEH handler with a buffer and malicious shellcode. TCPing is not compiled with SafeSEH, so arbitrary code execution can be achieved on the victim's system.