Exploits | Core Security

The specific flaw exists within the Connect method in webeye.ocx module.The control does not check the length of an attacker-supplied string in the Connect method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process.

ADAMView is prone to a buffer overflow when handling specially crafted GNI files

An integer overflow in OLE allows remote code execution. This update contains a module exploiting the vulnerability by hosting a web site and epxloiting connecting Internet Explorer browsers.

Eudora Qualcomm WorldMail IMAPd Service is prone to a buffer overflow SEH gets overwritten when using UID command.

An integer overflow in OLE allows remote code execution. This update contains a module exploiting the vulnerability by hosting a web site and epxloiting connecting Internet Explorer browsers.

This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds support for Windows XP sp0 and sp1.

This update includes a module implementing a DHCP server that'll attack querying hosts using the GNU Bash Environment Variables Injection vulnerability.

This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability.

This update adds support for Windows 8, Windows 8.1 and Windows 2012 platforms.

This module exploits a vulnerability in Apache Struts. The specific vulnerability is in the ParametersInterceptor, which allows a direct manipulation of the ClassLoader and as a result an attacker can execute arbitrary Java code in the target machine.

This update adds support for Apache Struts 2.3.16, Windows (x86 and x64) and Linux (x64) platforms.

Subscribe to Exploits

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum