JS execution inside ScriptForbiddenScope can lead to a use-after-free condition in Google Chrome.
There’s a task in Windows Task Scheduler called “SilentCleanup” which, while it’s executed as Users, automatically runs with elevated privileges. When it runs, it executes the file %windir%system32cleanmgr.exe. Since it…
LibreNMS 1.46 – ‘addhost’ Remote Code Execution
Linux/x86 – Chmod + Execute (/usr/bin/wget http://192.168.1.93//x) + Hide Output Shellcode (129 bytes)
Windows/x86 – Start iexplore.exe (http://192.168.10.10/) Shellcode (191 Bytes)
D-Link models DIR-652, DIR-615, DIR-827, DIR-615, DIR-657, and DIR-825 suffer from an administrative password disclosure vulnerability.
Linux/x86 – ASCII AND, SUB, PUSH, POPAD Encoder Shellcode
Windows/x86 – bitsadmin Download and Execute (http://192.168.10.10/evil.exe “c:evil.exe”) Shellcode (210 Bytes)
Spidermonkey IonMonkey incorrectly predicts return type of Array.prototype.pop, leading to type confusion vulnerabilities.
SuperDoctor5 implemented a remote command execution plugin in their implementation of NRPE that can be leveraged without authentication.