Explore Vulnerabilities

Explore all Exploits:

Bypassing fusermount’s restrictions on allow_other mount option with SELinux active

The vulnerability allows an attacker to bypass fusermount's restrictions on the use of the 'allow_other' mount option when SELinux is active. By manipulating the 'context' parameter and using a specially crafted shared library, an attacker can mount a FUSE filesystem with the 'allow_other' option, gaining escalated privileges.

Microsoft Windows Kernel – ‘win32k!NtUserConsoleControl’ Denial of Service (PoC)

It is possible to trigger a BSOD caused by a NULL pointer dereference when calling the system call NtUserConsoleControl with the following arguments: NtUserControlConsole(1,0,8); NtUserControlConsole(4,0,8); NtUserControlConsole(6,0,12); NtUserControlConsole(2,0,12); NtUserControlConsole(3,0,20); NtUserControlConsole(5,0,8). Different crashes are reproduced for each case.

Allok MOV Converter 4.6.1217 – Buffer Overflow (SEH)

This exploit takes advantage of a buffer overflow vulnerability in Allok MOV Converter 4.6.1217. Running the Python exploit script creates a new file named 'exploit.txt'. The content of 'exploit.txt' is then pasted into the License name field of the Allok MOV Converter program, triggering the buffer overflow and causing a calculator to pop up.

QNap QVR Client 5.1.1.30070 – ‘Password’ Denial of Service (PoC)

The QNap QVR Client version 5.1.1.30070 is vulnerable to a denial of service attack when a specially crafted password is provided. By sending a large buffer of 'A' characters, the application crashes, resulting in a denial of service condition.

10-Strike Bandwidth Monitor 3.7 – Local Buffer Overflow SEH

The 10-Strike Bandwidth Monitor 3.7 software is vulnerable to a local buffer overflow exploit. By running a script and copying the generated code to the clipboard, an attacker can execute arbitrary code and gain unauthorized access to the system. This can be done either by pasting the code into the Bandwidth Monitor application or by going to the Help tab and clicking Registration. This exploit allows for the execution of a shell.

MicroFocus Secure Messaging Gateway Remote Code Execution

This module exploits a SQL injection and a command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user-supplied parameters of an API endpoint is used by the application without input validation and/or parameter binding, which leads to a SQL injection vulnerability. Successfully exploiting this vulnerability gives the ability to add a new user onto the system. The manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operating system command. It is not possible to access this endpoint without a valid session. Combining these vulnerabilities makes it possible to execute operating system commands under the context of the web user.

JContentSubscription Joomla Component 1.5.8 Multiply Remote File Include Vulnerability

The JContentSubscription Joomla component version 1.5.8 is vulnerable to multiple remote file inclusion vulnerabilities. These vulnerabilities allow an attacker to include arbitrary remote files by manipulating the 'mosConfig_absolute_path' parameter in various files. By exploiting these vulnerabilities, an attacker can execute malicious code on the affected system.

Recent Exploits: