This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU UserManage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.



The specific flaw exists within the handling of the UserMgr.xml file. When parsing the GroupList Description element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator.

Sophos SafeGuard Enterprise, SafeGuard Easy, and SafeGuard LAN Crypt are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input buffer we can control the execution path to the point where the constant 0x12 will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context.

CMS Made Simple allows remote authenticated administrators to execute arbitrary PHP code via file upload using admin/moduleinterface.php

A Stack Overflow exists when parsing .m3u files. The vulnerability is caused due to a boundary error when handling a crafted .m3u files.

An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine allows a local low privileged user to gain elevation of privileges.

Cisco UCS Manager contains a OS Command Injection vulnerability in /settings/ping function, which allows unauthenticated attackers to gain arbitrary code execution on the affected system.

In the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local) path as SYSTEM when the execute_installer parameter is used in an HTTP message.

Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.

QNAP Qcenter Virtual Appliance contains multiples vulnerabilities which allows authenticated attackers to gain arbitrary code execution on the affected system with root privileges.

Adobe Reader has a built-in sandbox feature that usually makes exploitation difficult. By combining vulnerabilities, this attack achieves code execution and then bypasses the sandbox protection to fully compromise the targeted system.