
Explore Vulnerabilities


Explore all Exploits:

Microsoft Edge Chakra WeaklyReferencedKeyDictionary FindEntry Function Crash

This vulnerability allows an attacker to crash the Microsoft Edge browser by exploiting a flaw in the Chakra JavaScript engine. The issue occurs in the JsUtil::WeaklyReferencedKeyDictionary::FindEntry function, where an uninitialized memory read can lead to a NULL pointer dereference and cause a crash.

Alpha Centauri Software SIDVault LDAP Server remote root exploit (0days)

This is a remote root exploit for the Alpha Centauri Software SIDVault LDAP Server. It allows an attacker to gain root access to the server. The exploit uses a buffer overflow vulnerability to execute arbitrary code on the target system. It includes shellcode that will spawn a root shell. The exploit targets the JMP ESP address in Ubuntu's linux-gate.so library.

PHP Perl Extension Safe_mode Bypass Exploit

This exploit allows an attacker to bypass safe mode restrictions in PHP by leveraging the PHP Perl extension. The attacker can execute arbitrary commands on the target system by providing a command through the 'cmd' parameter in the GET request. The exploit checks if the Perl extension is loaded and if the 'cmd' parameter is empty, it sets a default command based on the operating system. The Perl extension is then used to execute the command and the output is displayed in a textarea element on the page. The 'cmd' parameter is also sanitized to prevent HTML injection.

Mako Server v2.5 OS Command Injection RCE

This module exploits a vulnerability found in Mako Server v2.5. It's possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input will be saved on the victim's machine and can be executed by sending a GET request to manage.lsp.

SunShop v4.0 RC 6 Blind SQL Injection

The SunShop v4.0 RC 6 search script is vulnerable to blind SQL injection in the s[cid] parameter. An attacker can inject SQL code to exploit this vulnerability. The vendor has released a solution in version 4.0.1. The script allows the attacker to retrieve the username or password from the admin table.

Multiple SQL Injection Vulnerabilities in ManageEngine Applications Manager

The ManageEngine Applications Manager version 13 is vulnerable to multiple post-authentication SQL injection vulnerabilities. The first vulnerability is in the 'name' parameter of the 'manageApplications.do' endpoint. An attacker can exploit this vulnerability by sending a specially crafted POST request to execute malicious SQL queries. The second vulnerability is in the 'viewProps' parameter of the 'GraphicalView.do' endpoint. By manipulating the 'yCanvas' field, an attacker can inject malicious SQL queries.

Proof of concept exploit for waitid bug in Linux Kernel 4.13

This exploit can be used to break out of sandboxes such as that in Google Chrome. It installs the seccomp filter from Chrome and a chroot, then breaks out of those and gets root. It bypasses SMEP and SMAP, but is somewhat unreliable and may crash the kernel instead.

Avaya IP Office (IPO) ActiveX Remote Buffer Overflow Vulnerability

The ViewerCtrl.ocx ActiveX component used by Avaya IP Office (IPO) is vulnerable to a remote buffer overflow. This vulnerability can be exploited by remote attackers to potentially execute arbitrary code. The exploit can be triggered when a user visits a malicious webpage using Internet Explorer.

Anti-modTLS-0day version 2

This is a remote root exploit targeting ProFTPd with mod_tls. It takes advantage of an unpatched version of mod_tls and is a preauthentication bug. It also has a bruteforcing option. The exploit has the disadvantage of depending on the library mapped address, so there are no strict categories. It is unknown how many ProFTPd+mod_tls boxes are out there.

Recent Exploits: