This exploit takes advantage of a stack overflow vulnerability in CyberLink LabelPrint <=2.5. The vulnerability allows an attacker to execute arbitrary code by creating a specially crafted project file.
This exploit allows an attacker to execute arbitrary code on a target server running Php Blue Dragon CMS 3.0.0. The exploit takes advantage of a vulnerability in the login system of the CMS, allowing the attacker to bypass authentication and execute commands on the server.
This exploit allows an attacker to remotely include files in the Php Blue Dragon CMS version 3.0.0 by manipulating the 'vsDragonRootPath' parameter in the 'activecontent.php' file. By injecting malicious code into this parameter, an attacker can execute arbitrary code on the target system.
DlxSpot Player 4 above version 1.5.10 suffers from an SQL injection vulnerability in the admin interface login; it is exploitable using the username "admin" and the password "x' or 'x'='x".
This exploit allows an attacker to perform a remote SQL injection attack on a target server running Php Blue Dragon CMS version 3.0.0. The attacker can manipulate the user_id parameter to execute arbitrary SQL commands on the target server.
The win32k!NtGdiDoBanding system call discloses portions of uninitialized kernel stack memory to user-mode clients. Specifically, 8 bytes of uninitialized kernel stack memory are copied to ring-3 in two different execution contexts.
The nt!NtGdiEngCreatePalette system call discloses large portions of uninitialized kernel stack memory to user-mode clients. This occurs when palettes are created in the PAL_INDEXED mode with up to 256 colors and a temporary stack-based buffer is used without pre-initializing it with zeros. The uninitialized memory can be treated as valid palette colors, leading to the creation of a palette with uninitialized memory from the kernel stack. This memory can be subsequently read back using the GetPaletteEntries() API.
The nt!NtRemoveIoCompletion system call handler discloses 4 bytes of uninitialized pool memory to user-mode clients on 64-bit platforms. The bug occurs when passing the IO_STATUS_BLOCK structure back to user-mode, where the upper 32 bits of the 'Pointer' field remain uninitialized if only the 'Status' field is initialized. The nt!NtRemoveIoCompletion system call copies the entire structure back to user-mode, revealing the uninitialized memory.
The nt!NtGdiGetPhysicalMonitorDescription system call in Windows 7 to Windows 10 discloses uninitialized kernel stack memory to user-mode clients. The syscall copies a stack-based array of 256 bytes to the caller, but typically only a small portion of the buffer is used to store the requested monitor description, leaving the rest uninitialized. This uninitialized memory region contains sensitive information such as addresses of executable images, kernel stack, kernel pools, and stack cookies.
This exploit allows an attacker to bind a TCP shell to a specific port on a Windows system. The exploit targets the shell32.dll library and is specifically designed for Windows XP.