This exploit targets EDraw Office Viewer Component (edrawofficeviewer.ocx) version 4.0.5.20. By sending a specially crafted HTTP request, an attacker can cause a denial of service condition on systems running this vulnerable component. The exploit involves creating a large buffer and passing it as a parameter to the HttpDownloadFile method of the ActiveX object.
The attached ATF file causes a heap overflow in ATF processing. To reproduce this issue, put LoadImage.swf and test.png on a remote server, and visit http://127.0.0.1/LoadImage.swf?img=test.png. This is an overflow in decompressing alphas when an image has a height of 1 pixel.
This module exploits the vulnerability in mrxdav.sys described by MS16-016. The module will spawn a process on the target system and elevate it's privileges to NT AUTHORITYSYSTEM before executing the specified payload within the context of the elevated process.
Using the 'DownloadFile' method, this exploit allows downloading any file on a PC. The provided example downloads a txt file, but it can also overwrite critical system files like cmd.exe.
During a standard installation of InstantHMI, the installer automatically creates a folder named "IHMI-6" in the root drive with incorrect default permissions. AUTHENTICATED USERS are given WRITE permission, allowing them to replace binaries or plant malicious DLLs to obtain elevated, administrative level privileges.
This vulnerability allows an attacker to perform a remote SQL injection attack on the Vizayn Urun Tanitim Sistemi v0.2 (tr) script. By manipulating the 'id' parameter in the 'default.asp' file, an attacker can retrieve sensitive information from the admin table, including the admin username, password, and email address.
The usermode audio subsystem for the "Samsung Android Professional Audio" is based on JACK, which appears to be designed for single-user usage. The shared memory implementation allows any application to access/modify/map shared memory pages used by JACK, regardless of which application created those shared memory pages. This allows an attacker to corrupt the internal state of shared-memory backed objects and modify values without validation, potentially leading to privilege escalation.
File extension check bypass and directory traversal lead to uploading an arbitrary file to an unintended directory and remote code execution.
This exploit allows an attacker to bypass user authentication and potentially execute remote code on a Pheap 2.0 server. The exploit takes advantage of a user verification routine that compares a cookie value to the admin's username. If the cookie value does not match the username, the user is redirected to the login page. By knowing the admin's username, an attacker can access any page that uses this authentication method and retrieve all credentials in clear-text. The exploit script provided allows for either credential disclosure or remote code execution.