The exploit allows an attacker to include a malicious script file via the 'load_lang.php' parameter in SerWeb 0.9.4. By manipulating this parameter, an attacker can execute arbitrary code on the target system.
This exploit allows an attacker to perform a denial of service attack on a TP-LINK TD-W8951ND router. By sending a specially crafted request to the '/Forms/status_1' endpoint, the attacker can cause the router to become unresponsive.
BitchX suffers from a unchecked bounds in a hash table in hook.c where one can inject data structures allowing for the remote execution of commands!
Open the DupScout client and click on Tools > click on Connect Network Drive > type the content of boom.txt in the "User Name" field. The payload is sent to the DupScout server (port 9126)
Windows Event Viewer user can import 'Custom View' files, these files contain XML, the parser processes External Entity potentially allowing attackers to gain remote file access to files on a victims system if user imports a corrupt XML file via remote share/USB (or other untrusted source).
The vulnerability allows remote attackers to execute arbitrary code by including a remote file in the vulnerable application.
This exploit takes advantage of a SEH (Structured Exception Handler) stack overflow in the GET request of Disk Savvy Enterprise version 9.1.14. It has been tested on Windows XP SP3 and Windows 7 Professional.
The Musoo 0.21 version is vulnerable to remote file inclusion. The vulnerability exists in the 'msDb.php', 'MusooTemplateLite.php', and 'SoundImporter.php' files. An attacker can exploit this vulnerability by manipulating the 'GLOBALS[ini_array][EXTLIB_PATH]' parameter in the URL to include a malicious file. Three exploits are provided in the text, each targeting a different file.
The Dirty COW (Copy-On-Write) vulnerability allows local attackers to gain root privileges on Linux systems. It exploits a race condition in the copy-on-write mechanism of the kernel's memory subsystem. By modifying certain system files, an attacker can gain root access and execute arbitrary code.
A specially crafted web-page can cause a type confusion vulnerability in Microsoft Internet Explorer 8 through to 11. An attacker can cause code to be executed with a stack layout it does not expect, or have code attempt to execute a method of an object using a vftable, when that object does not have a vftable. Successful exploitation can lead to arbitrary code execution.
Services By CQR