An integer overflow was found in apache2-mpm-worker 2.2.19 in the function ap_pregsub called from mod-setenvif. When a header field is mangled using SetEnvIf, the new environment variable data can be multiples of the size of the submitted header field. This leads to a buffer overflow when filling the buffer with user-supplied data. The issue affects all versions from 2.0.x to 2.0.64 and 2.2.x to 2.2.21.
On Ubuntu Wily, it is possible to place a USERNS overlayfs mount over a fuse mount. The fuse filesystem may contain SUID binaries, but those cannot be used to gain privileges because of the nosuid mount options. However, touching such an SUID binary via the overlayfs mount triggers copy_up including all file attributes, thus creating a real SUID binary on the disk.
The SaveToFile method in PGPBBox.dll in the SecureBlackbox software package from the Eldos Company allows remote attackers to write arbitrary data by crafting a malicious HTML page. This vulnerability affects computers using this software.
This exploit targets a vulnerability in the bz2 extension of PHP version 5.2.3. By using the com_print_typeinfo() function, an attacker can trigger a remote denial of service (DoS) attack. The vulnerability was discovered by shinnai and can be exploited on Windows XP SP2, both from the command line interface (CLI) and on Apache web server.
There is a vulnerability in the keyring_main.php file of the SquirrelMail G/PGP Encryption Plug-in that allows remote command execution. The 'fpr' parameter is not properly escaped, allowing an attacker to execute arbitrary commands on the target system.
This exploit bypasses the Supervisor Mode Execution Prevention (SMEP) in Windows operating systems. It creates two bitmaps, a manager bitmap and a worker bitmap, and uses them to manipulate memory and gain unauthorized access.
This proof-of-concept code demonstrates a memory leak vulnerability in the Linux Kernel. It dumps the memory mapped between INI and END addresses. The vulnerability is based on a null pointer dereference and can be exploited to read arbitrary memory. The code sets np->opt to NULL through IPV6_2292PKTOPTIONS and then maps a memory region at address 0x00000000. It then sets ptr to point to np->opt->hopopt and iterates through memory addresses between INIADDR and ENDADDR, retrieving the chunks pointed to by hopopt through getsockopt IPV6_DSTOPTS and printing them to stdout.
wifirx.c' contains vulnerable code at line '111': the developer uses the 'strcpy' function and does not check the destination buffer, which causes a Stack Overflow.
This module exploits a vulnerability found in Distinct TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary files to the file system, which results in code execution under the context of 'SYSTEM'.
This exploit targets the Mail Machine application versions v3.980, v3.985, v3.987, v3.988, and v3.989. It exploits a vulnerability in the mailmachine.cgi script, where user-supplied input passed to the open() function is not properly sanitized. By exploiting this vulnerability, an attacker can disclose arbitrary files from the server.