This module exploits a stack buffer overflow in Advantech WebAccess 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.
This exploit allows an attacker to remotely overflow the heap in MSN Messenger version 7.x (possibly 8.0). The exploit involves compiling a DLL, injecting it into the MSN Messenger process, and then sending a webcam invitation to a contact who is online. If the invitation is accepted, the target's MSN Messenger will crash. On a Chinese version of Windows 2000 SP4, it may also result in a reverse shell. The source code of the DLL needs to be adjusted for other versions of Windows 2000 by modifying the jmpa address.
This module exploits a stack buffer overflow in Dup Scout Enterprise 10.0.18. The buffer overflow exists via the web interface during login. This gives NT AUTHORITY\SYSTEM access.
We have discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc). The memory leak (CVE-2017-1000408) first appeared in glibc 2.1.1 (released on May 24, 1999) and can be reached and amplified through the LD_HWCAP_MASK environment variable.
The vulnerability allows an attacker to inject SQL commands.
IOTimeSyncClockManagerUserClient overrides the IOUserClient::clientClose method but treats it like a destructor, leading to multiple use-after-free vulnerabilities. Calling ::clientClose in one thread and an external method in another thread can cause the OSArrays to be freed and the locks protecting them to be destroyed, resulting in UaFs if the arrays are manipulated in other threads.
The vulnerability exists in the $vwar_root parameter in the convert/mvcw.php file, which allows remote attackers to include arbitrary files via a specially crafted request. This can lead to remote code execution.
This exploit allows an attacker to perform blind SQL injection in DL PayCart 1.01. The vulnerability was discovered by irvian in 2007. The exploit sends malicious requests to the target website, exploiting a vulnerability in the viewitem.php file. By manipulating the 'ItemID' parameter, the attacker can extract information from the pc_settings table, specifically the 'AdminID' and 'AdminPass' fields. The exploit uses a blind technique to infer the values of these fields character by character. The exploit prints the extracted values to the console.
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. The vulnerable variables are $aid and $catid in the index.php file.
The winerr.h header file is used for managing errors in Windows, specifically for socket and errno. It provides error messages for various error codes related to socket operations. However, there is no specific exploit or vulnerability mentioned in the provided code snippet.