header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

win32k!NtGdiGetDIBitsInternal Double-fetch vulnerability

The win32k!NtGdiGetDIBitsInternal system call in Windows is vulnerable to a double-fetch vulnerability. This can potentially lead to kernel pool memory disclosure or denial of service. The vulnerability occurs when accessing the BITMAPINFOHEADER structure multiple times, specifically its .biSize field. By manipulating the user-controlled 'bmi' buffer, an attacker can exploit this vulnerability to corrupt memory or cause a denial of service. However, the exploit is mostly harmless due to various checks in place that prevent major consequences.

Regression Test UXSS in WebKit

The PoC code creates an iframe and appends it to the body. It then attempts to adopt the iframe using `adoptNode` from another iframe's content document. This triggers a use-after-free vulnerability, leading to a heap-use-after-free error. The vulnerability can potentially be used to achieve UXSS (Universal Cross-Site Scripting) in WebKit.

SQL Injection in includes/search.php

The vulnerability exists in the includes/search.php file of the PHP Arena website. The code shown is susceptible to SQL injection, as it directly concatenates user input ($_POST['categories']) into the SQL query without proper sanitization. An attacker can exploit this vulnerability to execute arbitrary SQL commands and retrieve sensitive information from the database.

Spiceworks Improper Access Control File Overwrite

The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks 'dataconfigurations' directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69. This allows remote attackers to overwrite files within the Spiceworks configurations directory, if the targeted file name is known or guessed. Remote attackers who can reach UDP port 69 can also write/upload arbitrary files to the 'dataconfigurations', this can potentially become a Remote Code Execution vulnerability if for example an executable file e.g. EXE, BAT is dropped, then later accessed and run by an unknowing Spiceworks user.

Recent Exploits: