The Microsoft Windows kernel suffers from a use-after-free vulnerability in UserCommitDesktopMemory.
d1d309acfcd994767d657a143b1e405662a938b4370d0d8c5a73308836125489downloadcode.php from Shadow Infosystem suffers from an arbitrary file download vulnerability.
b3864dd1aa64620ab5f39a5ee1e756dd75eb81aa18ae0b6acd9703a1adf347dcThe OS X regex engine (TRE) uses the alloca function in a few places, sometimes where an attacker can partially control the size.
4892e0cd6b0f4549272861144a2d62b719c14ab2eeb90564785bc88c25656d6eJasig CAS server version 4.0.1 suffers from multiple cross site scripting vulnerabilities.
928b84011dff3144a37d1cfdc7d395749395fab098e6d06d7a344dcc23637bb0SAP Netweaver versions prior to 7.01 suffer from an XXE injection vulnerability.
987e7fdca3ec106a0a0d7d54210c112384477f102eb17692cff33e9a889a6a56ADH-Web IP Cameras suffer from improper access restrictions and various other vulnerabilities.
f27d5f8c91ba3407b2bb5fd671d93c6be791bedca6d727599be3ad493389bd28IntelBras WRN 340 (ADSL modem router) remote unauthenticated DNS changing exploit.
17dc64fef14b3ce589e6d84108278318da8bf27f17e2823a9ea2fc50d8fc4ab6Total Commander version 8.52 buffer overflow exploit designed to be used on Windows 10.
bebe7348068124a14b4b81b6f9aa876de76053f9d8430e4750db22b4277059e7Total Commander version 8.52 buffer overflow exploit.
971321e53a7c338abcf6b4b4b5b0aa00d56ecd7e6f7b514c243f3b8e020a8694Thomson CableHome Gateway DWG849 suffers from an information disclosure vulnerability.
d61c502c86dfc89c223647a763226ce1024442050ddd4fff9c2f9745e6eeff50This Metasploit module exploits an SEH overflow in Konica Minolta FTP Server 1.00. Konica Minolta FTP fails to check input size when parsing 'CWD' commands, which leads to an SEH overflow. Konica FTP allows anonymous access by default; valid credentials are typically unnecessary to exploit this vulnerability.
9b4e188dfd973cb391489182e25092159a1a540a9de8fa14b7fbb50169dd49ffA vulnerability within the ndvbs module allows an attacker to inject memory they control into an arbitrary location they define. This vulnerability can be used to overwrite function pointers in HalDispatchTable resulting in an elevation of privilege. suffers from code execution, and local file inclusion vulnerabilities.
f56522b7ad8171646ac1c3eea8d0052f0c4e3db5b5c86c6dd3e9b9fae91e3b70WordPress Vertical Image Slider plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
63f064a0c336409406e1795abef613e59a229b155d2c3f25704ac46915950f95The Task Scheduler can be made to delete a task after it's trigger has expired. No check is made to ensure the task file is not a junction which allows arbitrary files to be deleted by the system user leading to EoP.
c30785bf661d0d66daa78abe61a94c360587d6e66ae875cfc5a81dc4ec54b02eThe NtUserGetClipboardAccessToken win32k system call exposes the access token of the last user to lower-privileged users. It can also be used to open an anonymous impersonation thread token which normally OpenThreadToken shouldn't be able to do. This is a bypass of the fix for CVE-2015-0078.
9bcf7274e363f1dc579d9ed68048a01019d56cc2f841f1a4a04c182389196296A bounds check crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
05a60e7019067851141f1787a5bbda75454773b40b9acf97e8b754f2fad758fdMicrosoft Excel 2007 running on Windows 2003 suffers from a use-after-free vulnerability.
460bd27af88f7165a795d698b85d2e4cd8c83732200f70dc5c84e7b8e4818f79The host process for the UMFD runs as a normal user but with a heavily restrictive process DACL. It's possible execute arbitrary code within the context of the process because it's possible to access the processes threads leading to local EoP.
f0ec77ee8811de8feb9edad30b69fae9734672773f9e5a37d08fdba2317cebd5A use-after-free crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
3b2e620089c3777eb2d36942713f33cf68f9865e894dbaee83bdbdb3af57385cA type confusion crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
247823ed9395d266e8674965a149848a04a5b7380aa2bf3723839d71d6ca65a6Farol suffers from a remote SQL injection vulnerability.
df6cc2ad04df2605a64ef148d68abc88d2f8585d578b3fc546581b6423ee7f3eThe Microsoft\Windows\Shell\CreateObjectTask initializes a shell32 based ICreateObject COM server as local system. This is marked as being accessible from a normal user account so once created we can attach to it. The server only has one method, CreateObject which checks the CLSID against a list of known safe classes before allowing it to be instantiated. One of these classes is allows a user to set their account picture for the logon screen.
6a43091589e97afa78001dc6e8f0c4e88aed1de975f8578e7b0706c3c45901f3The Microsoft\Windows\Shell\CreateObjectTask initializes a shell32 based ICreateObject COM server as local system. This is marked as being accessible from a normal user account so once created we can attach to it. The server only has one method, CreateObject which checks the CLSID against a list of known safe classes before allowing it to be instantiated. One of these classes is a diagnostic class for setting synchronization implemented in SettingSync.dll.
6aef4dd16b7085d61fe94cd118f3ece652f9cd33df0722b63a4bf31f53557554An OS X IOKit kernel memory corruption issue occurs due to a bad bzero in IOBluetoothDevice.
f3d2f3b8051f90b86f0cfd263f09f98a7e0e04c1e1fcff20c13e3ca8f318052ciBooking CMS suffers from a remote SQL injection vulnerability.
f940a1514994a822f9b19f66067c704407e5484e1dded2db9cec7600be48e779
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed