The Hitachi NAS (HNAS) System Management Unit (SMU) before version 14.8.7825.01 is vulnerable to an Insecure Direct Object Reference (IDOR) issue. An attacker can exploit this vulnerability to download arbitrary files from the server. This vulnerability has been assigned CVE-2023-5808.
This is a scanner written in C that scans for the second DCOM vulnerability (MS03-039). It is based on the work of buildtheb0x, kid, and farp, and also on packet sniffs of MS's dcom2 scanner.
The vulnerability exists in tcpdump v3.9.1 and earlier versions, as well as ethereal v0.10.10. It is caused by a single (RSVP) packet that triggers an infinite loop in the rsvp_print() function. Clicking on the packet or receiving ICMP replies can also trigger the vulnerability. The bug is present in the RSVP_OBJ_ERO and RSVP_OBJ_RRO classes.
This is a proof-of-concept exploit for the MS05-016 vulnerability. The exploit is designed to create a .hta file which, when executed, runs a command to open Notepad.exe and then closes the window. It uses a specific pattern of characters to create a file named SAVE.DDD. The exploit code is written in C.
The exploit allows an attacker to execute arbitrary code on a remote system running Pine version 4.56 or earlier. The exploit can be achieved using two methods: 1) standard shellcode and 2) ret to libc. The details of the exploit can be found in the iDefense advisory: http://www.idefense.com/advisory/09.10.03.txt. The exploit requires the distance from a variable to the EIP/EBP register, which can be bruteforced to achieve a high success rate. The exploit can be used to create a worm or gain control over the target system.
No detailed exploit description provided
CakePHP is vulnerable to a file inclusion attack because of its use of the "unserialize()" function on unchecked user input. This makes it possible to inject arbitrary objects into the scope.
The 'op', 'bop', 'ext', and 'eop' arguments are not properly sanitized before files are included from local resources, allowing arbitrary file inclusion. The 'ext' argument can be used to inject PHP code into the 'cache/ext/statman/log.gtdat' file and execute commands. Additionally, the 'list.gtdat' file in the 'cache/users' folder exposes the MD5 password hashes of all admins and users. This can be exploited by crafting a specific value for the 'upass' parameter.
AYDrvNT.sys creates a device called 'AYDrvNT_ALYAC' and handles the device I/O control code 0x223e2c, which can overwrite a system service descriptor table entry with an arbitrary address.
This exploit targets the 'Boutique' module in the 'Nuked Klan' content management system. It allows an attacker to manipulate the 'catid' parameter in the 'op=cat' action of the 'index.php?file=Boutique' URL, potentially leading to unauthorized access or other malicious activities.