The vulnerability allows an attacker to include remote files in the application, potentially allowing them to execute arbitrary code.
This exploit targets courier-imap version 3.0.2-r1 and leverages a remote format string vulnerability to execute arbitrary code. The exploit is launched against the IP address 127.0.0.1 on port 143. It first retrieves the current ebp value, candidate saved ebp values, and candidate writable locations on the stack. It then verifies the obtained values and builds the components needed for the exploit, including the format string and shellcode. The exploit uses a ret value of 0x8057000 and the GOT address of fprintf() at 0x804fefc. After successful execution it gains root access and prints the UID, GID, and group information.
This program overwrites the system's huge zero page.
This exploit provokes a DoS in the Thomson 2030 firmware v1.52.1 device by sending a specially crafted SIP request.
There is a directory traversal issue in attachment downloads in Gmail. For non-Gmail accounts, there is no path sanitization of the attachment filename in the email, so when attachments are downloaded, a file with any name and any contents can be written anywhere on the filesystem that the Gmail app can access. This bug has limitations: the email address has to be a non-Gmail, non-Gmailified (Hotmail or Yahoo) account, the file cannot overwrite an existing file, and the user has to click to download the attachment.
The vulnerability allows an attacker to inject malicious code by exploiting the 'InlineBuiltInFunction' and 'InlineScriptFunction' methods in the 'Inline::Optimize' function. By manipulating the call expression, an attacker can execute arbitrary code.
The Chakra JIT compilation process stores variables' type information by basic block. However, unlike variables, the type information of constants like numbers and strings is managed globally. This leads to a type confusion vulnerability where constants can be treated as a different type regardless of the control flow. This vulnerability can be exploited through inlined JavaScript functions.
This is a proof-of-concept exploit for a buffer overflow vulnerability in the php_iisfunc.dll extension in PHP versions <= 5.2.0 on the win32 platform. The vulnerability allows an attacker to execute arbitrary code by passing specially crafted string arguments to functions that convert those strings to Unicode. The specific functions affected are fnStartService, fnGetServiceState, and fnStopService.
Multiple stored XSS vulnerabilities in CommuniGatePro 6.1.16 webmails (crystal, pronto, and pronto4) allow attackers to execute scripts in the victim's browser, gaining control over the victim's mailbox and computer, the ability to send emails on behalf of the victim, to deface the victim's mailbox, and to invoke malicious code when attachments are sent to the victim.
The nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the application.