Explore Vulnerabilities

Explore all Exploits:

Adobe Flash Player domainMemory ByteArray Use After Free

This module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker by forcing a reallocation, that is, by copying more contents than the original capacity. Flash fails to update the domainMemory pointer, leading to a use-after-free when the main worker references domainMemory again. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE 11 with Flash 17.0.0.134.

MacKeeper URL handler remote code execution vulnerability

A vulnerability has been discovered in MacKeeper's URL handler implementation that allows arbitrary remote code execution when a user visits a specially crafted webpage. Security researcher Braden Thomas discovered a flaw that allows arbitrary commands to be run as root with little to no user interaction required. A proof-of-concept (POC) has been released demonstrating how visiting a specially crafted webpage in Safari causes the affected system to execute arbitrary commands.

Homepage

Yet Another Related Posts Plugin (YARPP) options can be updated with no token/nonce protection, which an attacker may exploit by tricking the website's administrator into visiting a crafted page that changes the YARPP options. Since some options allow HTML, the attacker is able to inject JavaScript code, which can lead to code execution or administrator actions when the injected code is triggered by an admin user. The injected JavaScript code is triggered on any post page.

ANI Exploit

The exploit targets a buffer overflow vulnerability in the ANI header parsing code in Microsoft Windows. It allows an attacker to execute arbitrary code on a target system by sending a specially crafted ANI file. The exploit includes shellcode that creates a bind shell on port 13579. The exploit has been tested on Windows XP SP2 (Portuguese).

IBM WebSphere Portal Stored Cross-Site Scripting Vulnerability [CVE-2014-0910]

IBM WebSphere Portal is prone to a stored Cross-Site Scripting (XSS) vulnerability in the Web Content Management component, which allows authenticated users to inject arbitrary JavaScript. An attacker authenticated to Web Content Management can exploit this vulnerability by creating malicious web content and persuading the victim to visit it. This issue can lead to different kinds of user-targeted attacks, such as cookie stealing and account violation.

Dell SonicWALL Secure Remote Access (SRA) Appliance Cross-Site Request Forgery

Use CSRF to force the currently logged-in user to create a bookmark pointing to an endpoint controlled by the attacker. Use a subsequent request to call the bookmark just created. The identifier of the bookmark can be brute-forced using a single decrementing integer and causes minimal time delay. Gather the credentials on the target server provided in step #1.

PHP121 Version 2.2

The vulnerability allows an attacker to include local files by exploiting the php121db.php script. The attacker can specify a local file in the php121dir parameter, which is not properly sanitized, leading to arbitrary file inclusion. The vulnerability can be exploited by sending a crafted request to the vulnerable server.

MS Windows .HLP File Local HEAP Overflow PoC 0day

This is a proof of concept (PoC) exploit for a local heap overflow vulnerability in MS Windows .HLP files. The exploit takes advantage of a flaw in the way .HLP files are processed, allowing an attacker to overflow the heap and potentially execute arbitrary code. The specific details of the vulnerability are not provided in this post.

Macro Toolworks Local Buffer Overflow

Macro Toolworks is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Local attackers can exploit this issue to run arbitrary code with elevated privileges. Failed exploit attempts can result in a denial-of-service condition.

Recent Exploits: