4 matches found
OS X Regex Engine (TRE) - Stack Buffer Overflow Vulnerability
Exploit for macOS platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=428 – OS X Libc uses the slightly obscure TRE regex engine (http://laurikari.net/tre/). If used in enhanced mode by passing the REGENHANCED flag to regcomp, TRE supports...
xtcModified 1.05 - Multiple HTML Injection Cross-Site Scripting Vulnerabilities
Source: https://www.securityfocus.com/bid/46681/info – xtcModified is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful...
Multi Website 1.5 - search HTML Injection
Source: https://www.securityfocus.com/bid/43245/info – Multi Website is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow...
Oracle 10g (Windows x86) - 'PROCESS_DUP_HANDLE' Local Privilege Escalation
// Argeniss - Information Security // // Oracle Database local elevation of privileges PoC exploit // // Author: Cesar Cerrudo include include BOOL InjectShellcodeDWORD oldEIP,CHAR oSID HMODULE hKernel; FARPROC pCreateProc; LPSTR sCommand="cmd.exe"; DWORD dwStrLen; CHAR buff100;...