Exploits/Client Side

Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Buffer Overflow Exploit

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DPB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator.

Microsoft Internet Explorer Scripting Engine Memory Corruption Exploit

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.

WECON LeviStudioU SMtext Buffer Overflow Exploit

The specific flaw exists within the handling of XML files. When parsing the ShortMessage SMtext element, the process does not properly validate the length of user-supplied data prior to copying it to a buffer.

Disk Pulse Enterprise Import Command Local Buffer Overflow Exploit

A Buffer Overflow exists when parsing .XML files by Command Import. The vulnerability is caused due to a boundary error when handling a crafted .XML files.

LibreOffice LibreLogo Python Global Event Scripting Vulnerability Exploit

By abusing document's event feature in LibreOffice and the LibreLogo script, an attacker can execute arbitrary python code from within a malicious document silently, without user warning. This module performs a bypass of CVE-2019-9848 by using global script events.

LibreOffice LibreLogo Python Scripting Vulnerability Exploit v19_1

By abusing document's event feature in LibreOffice and the LibreLogo script, an attacker can execute arbitrary python code from within a malicious document silently, without user warning.

Fuji Electric Alpha5 Smart Loader Exploit

Fuji Electric Alpha5 Smart Loader is prone to a buffer overflow when handling a specially crafted csp file.

Microsoft Internet Explorer VBScript UAF Exploit (2019)

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.

LibreOffice LibreLogo Python Scripting Vulnerability Exploit

By abusing document's event feature in LibreOffice and the LibreLogo script, an attacker can execute arbitrary python code from within a malicious document silently, without user warning.

XMPlay M3U Files Buffer Overflow Exploit

XMPlay 3.8.3 allows remote attackers to execute arbitrary code via a crafted http:// URL in a .m3u file.