There is a vulnerability in the keyring_main.php file of the SquirrelMail G/PGP Encryption Plug-in that allows remote command execution. The 'fpr' parameter is not properly escaped, allowing an attacker to execute arbitrary commands on the target system.
This exploit bypasses the Supervisor Mode Execution Prevention (SMEP) in Windows operating systems. It creates two bitmaps, a manager bitmap and a worker bitmap, and uses them to manipulate memory and gain unauthorized access.
This proof of concept code demonstrates a memory leak vulnerability in the Linux Kernel. It dumps the memory mapped between the INI and END addresses. The vulnerability is based on a null pointer dereference and can be exploited to read arbitrary memory. The code sets np->opt to NULL through IPV6_2292PKTOPTIONS and then maps a memory region at address 0x00000000. It then sets ptr to point to np->opt->hopopt and iterates through memory addresses between INIADDR and ENDADDR, retrieving the chunks pointed to by hopopt through getsockopt IPV6_DSTOPTS and printing them to stdout.
'wifirx.c' contains vulnerable code at line 111: the developer uses the 'strcpy' function without checking the size of the destination buffer, causing a stack overflow.
This module exploits a vulnerability found in Distinct TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary files to the file system, which results in code execution in the context of 'SYSTEM'.
This exploit targets the Mail Machine application versions v3.980, v3.985, v3.987, v3.988, and v3.989. It exploits a vulnerability in the mailmachine.cgi script where the open() function is not properly sanitized against user-supplied input. By exploiting this vulnerability, an attacker can disclose arbitrary files from the server.
This module exploits a vulnerability in Firebird SQL Server. A specially crafted packet can be sent which will overwrite a pointer, allowing the attacker to control where data is read from. Shortly following the controlled read, the pointer is called, resulting in code execution. The vulnerability exists in the handling of a group number extracted from the CNCT information, which is sent by the client and whose size is not properly checked. This module uses an existing call to memcpy, just prior to the vulnerable code, which allows a small amount of data to be written to the stack. A two-phase stack pivot allows execution of the ROP chain, which is ultimately used to call VirtualAlloc and bypass DEP.
The named pipe, SUPipeServer, can be accessed by normal users to interact with the System Update service. The service provides the possibility to execute arbitrary commands as SYSTEM if a valid security token is provided. This token can be generated by calling the GetSystemInfoData function in the DLL tvsutil.dll. Please note that System Update is stopped by default but can be started/stopped by calling the executable ConfigService.exe.
Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading these components as an embedded OLE object. When instantiating a vulnerable object, Windows tries to load one or more DLLs from the current working directory. If an attacker convinces the victim to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
This module exploits a remote command-injection vulnerability in the EMC Replication Manager client (irccd.exe). By sending a specially crafted message invoking the RunProgram function, an attacker may be able to execute arbitrary commands with SYSTEM privileges. Affected products are EMC Replication Manager < 5.3. This module has been successfully tested against EMC Replication Manager 5.2.1 on XP/W2003. EMC Networker Module for Microsoft Applications 2.1 and 2.2 may be vulnerable too, although this module has not been tested against these products.