SuiteCRM 7.10.7 is vulnerable to SQL injection. By changing the 'parentTab' parameter to a specific value and appending malicious code to the URL, an attacker can execute arbitrary SQL queries on the database.
This exploit allows an attacker to include remote files by manipulating the phpbb_root_path parameter in the functions_mod_user.php file of phpBBViet 0.22. The attacker can execute arbitrary code or gain unauthorized access to the system.
The exploit creates a malicious payload that causes a Denial of Service (DoS) by generating a local buffer overflow. The payload is written to a file called 'Evil.txt', which is then copied and pasted into the 'Copy and Paste Registration Code' field in the MyVideoConverter Pro software. When the user clicks 'ok', the software crashes.
This exploit takes advantage of a vulnerability in PassFab Excel Password Recovery software version 8.3.1 running on Windows XP SP3. By providing specially crafted input, an attacker can trigger a buffer overflow and overwrite the Structured Exception Handler (SEH) to gain control of the program execution flow. This exploit replaces the SEH with a pop pop ret address in the SoftwareLog.dll module, allowing the execution of arbitrary code. The payload used in this example is a shellcode that opens the Windows calculator.
The meBiblio 0.4.5 script is vulnerable to a Remote File Inclusion (RFI) attack. The vulnerability exists in the index.php file, where the 'action' variable is not properly validated before being passed to PHP's include() function. This allows an attacker to include a remote file from a malicious server, leading to remote code execution on the target system.
This exploit allows an attacker to perform a denial of service attack on Serv-U FTP server versions up to 5.2. When the attacker sends a specially crafted request, the server crashes, resulting in a denial of service for legitimate users.
The vm_map_copyin_internal function in vm_map.c in the kernel converts a region of a vm_map into "copied-in" form, constructing a vm_map_copy structure that represents the copied memory and can then be mapped into another vm_map. The function contains a while loop that walks through each of the vm_map_entry structures making up the region to be copied and tries to append a copy of each in turn to the vm_map_copy structure. However, under certain circumstances, there is a non-blocking copy-on-write optimization that can be exploited.
The com.apple.iohideventsystem service on macOS and iOS suffers from issues in the IOMIGMachPortCache that lead to out-of-bounds reads and type confusion. There is also a memory safety issue in _io_hideventsystem_unregister_record_service_changed_notification, where a CFRelease call is not balanced by a CFRetain. An attacker can exploit these issues by connecting to the service and calling io_hideventsystem_unregister_record_service_changed_notification twice.
The XPC Mach message parsing function in libxpc does not properly handle cases where the message has the MACH_MSGH_BITS_COMPLEX bit set but has a msgh_descriptor_count of 0. This can lead to memory corruption and potentially allow an attacker to execute arbitrary code.
XNU has a vulnerability in its copy-on-write memory management mechanism. When creating copy-on-write copies of data between processes, the copied memory is not properly protected against later modifications by the source process, potentially leading to double-read exploits in the destination process. This vulnerability can also occur with file mappings, where the file contents may be mutated by the filesystem without informing the memory management subsystem, resulting in security bugs.