Trivial fuzzing of molebox archives revealed a heap overflow when decrypting the packed image in moleboxMaybeUnpack. This vulnerability is obviously exploitable for remote arbitrary code execution as NT AUTHORITY\SYSTEM.
The attached Microsoft Access Database causes JetDb::IsExploited4x to be called, which contains an unbounded search for objects.
The attached file crashes in CmdExtract::UnstoreFile because the signed int64 DestUnpSize is truncated to an unsigned 32-bit integer. Perhaps CmdExtract::ExtractCurrentFile should sanity check Arc.FileHead.UnpSize early. The researcher observed this crash…
An independent vulnerability laboratory researcher discovered a local buffer overflow web vulnerability in the official Aeris Calandar v2.1 software.
An independent vulnerability laboratory researcher discovered a code execution vulnerability in the official POP Peeper v4.0.1 software.
The Vulnerability Laboratory Core Research Team discovered a client-side cross-site scripting web vulnerability in the official Western Union China web-application.
An independent vulnerability laboratory researcher discovered an application-side cross-site scripting web vulnerability in the WordPress Content Text Slider v6.8 web-application.
Microsoft Internet Explorer 11 suffers from a MSHTML!CObjectElement use-after-free vulnerability.
appRain version 4.0.3 suffers from a path traversal vulnerability.
appRain version 4.0.3 suffers from multiple cross-site scripting vulnerabilities.