This exploit allows an attacker to run arbitrary code on a system with Allok Video Converter installed. By creating a specially crafted file and pasting its contents into the License Name field, an attacker can trigger a buffer overflow and execute arbitrary code.
OneCMS contains a flaw that allows an attacker to carry out an SQL injection attack. The issue is due to the userreviews.php script not properly sanitizing user-supplied input to the 'abc' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database if magic_quotes_gpc = off.
The exploit triggers a buffer overflow in the isInstalled.dnsResolve function in Sun's JRE version 1.6.0_X. The code provided by Yag Kohha creates a string 'b' and repeatedly appends it to itself until its length exceeds 512*512. The buffer overflow occurs when the dnsResolve function is called with 'b' as the argument.
1. Lack of file type filter enabling attacker to upload PHP scripts that can later be executed
2. Found SQLI in the Date of Birth text box
3. Found Stored XSS in manufacturer_name
4. Multiple vulnerabilities (SQLI and Information Leak)
This exploit allows an attacker to include local files by manipulating the 'page' parameter in the URL. The attacker needs admin credentials to download files. The exploit author used default credentials to demonstrate the vulnerability.
The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as system, resulting in EoP.
The handling of the VFS for desktop bridge applications can allow an application to create virtual files in a system folder, which can result in EoP.
The nt!NtWaitForDebugEvent system call discloses portions of uninitialized kernel stack memory to user-mode clients on 64-bit versions of Windows 7 to Windows 10. The uninitialized memory is leaked to the user-mode caller due to a 4-byte alignment issue in the structure. An example proof-of-concept program is provided to demonstrate the disclosure.
This exploit allows for code execution in Microsoft Visual Basic Enterprise Edition 6.0 SP6. The author made modifications to the original exploit to address a memory exception issue. The exploit is dedicated to Italian VB6 programmers.
The Google Software Updater on macOS installs a root service that exposes an API for updating Google software on the machine. This service uses Distributed Objects, which can be exploited to overload Objective-C method calls and attack the plist serialization code. By pretending to be a CFString and then becoming a CFDictionary, an attacker can escalate privileges and potentially execute arbitrary code.