The switch statement in the code only handles Js::TypeIds_Array but not Js::TypeIds_NativeIntArray and Js::TypeIds_NativeFloatArray. This can lead to type confusion when a native float array is treated as ObjectType::Object under certain circumstances where the condition "objValueType.IsLikelyArrayOrObjectWithArray()" is not fulfilled. Handling a native array as a definite object can lead to type confusion.
The file "scripts/sb_communicate.php" in Simple PHP Blog (sphpblog) version <= 0.5.1 contains code that allows an attacker to spoof their IP address.
Seqrite End Point Security v7.4 installs with weak folder permissions, allowing any user to gain full permission to the program directory. Additionally, the program installs services that run as 'LocalSystem' without the 'Self Protection' feature enabled, allowing a non-privileged user to elevate privileges to 'NT AUTHORITY\SYSTEM'.
This exploit takes advantage of a buffer overflow vulnerability in Free MP3 CD Ripper version 2.8. By creating a specially crafted '.wma' file and loading it into the program, an attacker can execute arbitrary code with the privileges of the user running the program. The exploit bypasses Data Execution Prevention (DEP) and uses a modified Structured Exception Handler (SEH) exploit. Upon successful exploitation, a calculator application will be launched on the victim's machine.
This module utilizes Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. Currently the module does not spawn as SYSTEM; however, once a shell is obtained, one can easily use incognito to impersonate the token.
This module exploits insufficient sanitization in the database::protect method, of Navigate CMS versions 2.8 and prior, to bypass authentication. The module then uses a path traversal vulnerability in navigate_upload.php that allows authenticated users to upload PHP files to arbitrary locations. Together these vulnerabilities allow an unauthenticated attacker to execute arbitrary PHP code remotely. This module was tested against Navigate CMS 2.8.
This module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when opening a CSV file containing CR/LF and an overly long string via 'Import from other File'. This results in overwriting a structured exception handler record.
LiteSpeed parses a URL's or file's MIME type incorrectly when given a null byte.
Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation.
The vulnerability allows an attacker to include a remote file on the vulnerable server. In this case, the vulnerability exists in the scripture.php file of TOWeLS version 0.1. By manipulating the 'pageHeaderFile' parameter, an attacker can include a malicious file hosted on a remote server.