The DxgkDdiEscape handler for 0x70001b2 in Windows doesn't properly check the bounds for its variable size input, leading to a memory corruption vulnerability. This can be exploited by an attacker to execute arbitrary code or crash the system.
This is a remote buffer overflow exploit for the Microsoft Windows DirectSpeechSynthesis Module (XVoice.dll 4.0.4.2512) and DirectSpeechRecognition Module (Xlisten.dll 4.0.4.2512). The exploit works regardless of boot.ini settings and can be executed remotely or by dragging an HTML file into the browser window. It has been tested against IE 6.
This vulnerability exists in the IOBluetoothHCIUserClient of the IOKit framework in macOS. When creating a new IOBluetoothHCIUserClient, if the userclient doesn't take a reference to the owningTask, an attacker can pass a task port for another task, kill that task, and get the user client to use the freed task struct. This can lead to a use-after-free vulnerability, allowing an attacker to manipulate IOMemoryDescriptors and potentially execute arbitrary code.
Micro Focus Rumba FTP Client 4.x cannot handle long directory names. An attacker can set up a malicious FTP server that sends a long directory name, which can lead to remote code execution on the connected client.
This exploit targets the DirectSpeechSynthesis Module (XVoice.dll) and DirectSpeechRecognition Module (Xlisten.dll) in Microsoft Windows. By passing certain characters to the ModeName argument of the FindEngine method, the exploit overwrites the SEH handler, allowing for remote code execution. This exploit has been successfully tested on Windows 2000 SP4 with Internet Explorer 6. Under Windows XP, Internet Explorer crashes without warning the user first, but arbitrary code execution is still possible depending on loaded Unicode addresses in memory.
Multiple local stack overflow vulnerabilities that can be exploited when learning exploit development. Note: Rumba uses send.exe and receive.exe to send and receive files, so it might be possible to exploit this remotely.
The vulnerability exists in the footer.php file of the Horoscope module in XOOPS, allowing an attacker to traverse the file system and access sensitive files by manipulating the 'xoopsConfig[root_path]' parameter. This can lead to unauthorized access, information disclosure, and potential remote code execution.
HP Calendar Service uses weak, insecure permission settings on its files/directory, as the 'Everyone' group has full access to it. This allows low-privileged users to execute arbitrary code in the security context of ANY other user with elevated privileges on the affected system.
This vulnerability allows an attacker to include remote files on the server by manipulating a parameter in the URL. The specific vulnerable file is 'spaw_control.class.php' located in the 'admin/spaw' directory of the TinyContent module in XOOPS. By setting the 'spaw_root' parameter to a remote file location, the attacker can execute malicious code on the server.
An elevation of privilege vulnerability exists in the NDISTAPI.sys component of the Remote Access Service NDISTAPI driver. The vulnerability is caused when the NDISTAPI driver improperly validates user-supplied input when passing data from user mode to the Windows kernel. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode (i.e. with NT AUTHORITY\SYSTEM privileges).