This exploit takes advantage of a stack buffer overflow vulnerability in the NetUSB kernel. By sending a specially crafted packet to the target device, an attacker can cause a denial of service (DoS) condition.
The 'OpenDVD' method in East Wind Software (advdaudio.ocx v. 1.5.1.1) is vulnerable to a local buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code or crash the application.
The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. This action requires no permissions to call, allowing an unprivileged application to gain access to email content.
The Exynos Seiren Audio driver has a buffer overflow vulnerability in the write() implementation, allowing for memory corruption. The vulnerability can be triggered by writing to the device endpoint (/dev/seiren) with a user-supplied buffer that is not adequately bounds checked.
Security holes were found in NPDS 5.10. N°1: Sql Injection in cookies (File Mainfile.php lines 655 to 691). No check is carried out on nicknames or Id which can allow an attacker to modify a SQL request so as to obtain data. N°2: SQL Injection due to a bad use of "X_FORWARDED_FOR" (file Mainfile.php lines 88 to 110). NPDS uses the HTTP header "X_FORWARDED_FOR" which normally contains the IP adress of a person using a non anonymous proxy. This Ip address is used in a SQL resquest without appropriate filtering, and an attacker can define "X_FORWARDED_FOR" insering malicious SQL code.
This module writes to the sudoers file without root access by exploiting rsh and malloc log files. Makes sudo require no password, giving access to su even if root is disabled. Works on OS X 10.9.5 to 10.10.5 (patched on 10.11).
The vulnerability allows an attacker to include a remote file by manipulating the 'right_file' parameter in the 'tpl_message.php' file. This can lead to remote code execution.
Multiple Remote File Inclusion vulnerabilities exist in Persism Content Management System version 0.9.2 and below. The vulnerabilities can be exploited by an attacker to include arbitrary files from remote servers, leading to remote code execution.
The PMECMS version 1.0 has multiple remote file inclusion vulnerabilities. An attacker can exploit these vulnerabilities by manipulating the 'config[pathMod]' parameter in various module files to include malicious files from remote servers. This can lead to remote code execution and unauthorized access to sensitive information.
The World Browser is a web browser that is vulnerable to remote code execution. An attacker can exploit this vulnerability by running a PHP code that creates a malicious file and opens it in the browser. This allows the attacker to execute arbitrary code on the victim's system.
Services By CQR