This exploit targets the "xtellmail" command in dSMTP - SMTP Mail Server 3.1b on Linux. It uses a format string vulnerability to gain remote root access. The exploit sends a specially crafted packet to the server, overwriting the return address and executing shellcode to spawn a reverse shell. This allows the attacker to gain full control of the server.
Attacker can create user and host on the target system by exploiting the vulnerability in the admin/hosting/addsubsite.asp page.
This exploit is a brute force attack on the DMhpux FTPd REST bug. It sends false login credentials and then attempts to brute force the REST command with a range of values.
This code is a setuid ARPUS/ce exploit that can be used to escalate privileges on a system. It overwrites the /etc/ld.so.preload file, which can severely impact the system. The exploit takes advantage of a vulnerability in the ce program, which drops privileges under certain conditions. By exporting a faulty display, the program does not drop privileges, allowing the attacker to gain root access.
This exploit takes advantage of a format string vulnerability in the Snmppd SNMP proxy daemon. The vulnerability allows an attacker to hijack the Global Offset Table (GOT) entry of the strdup function. The exploit is successful on the third attempt.
This exploit allows an attacker to execute arbitrary code on a vulnerable Golden FTP Server Pro version 2.5.0.0 and prior. By sending a specially crafted overflow string to the server, an attacker can gain a shell on port 4444. The exploit has been tested on Windows XP SP1 and SP2. Restarting the server is required after the exploit is successful. The workaround is to upgrade to a newer version or use another FTP server.
The NotJustBrowsing 1.0.3 application discloses passwords to local users.
This exploit allows remote attackers to execute arbitrary code via a long GET request to the webtool component. The vulnerability is caused due to a boundary error within the webtool when handling requests with overly long URIs. This can be exploited to cause a stack-based buffer overflow via a specially crafted GET request.
The vulnerability allows remote attackers to execute arbitrary commands via the index.cgi script, related to improper shell metacharacter handling in the art parameter.
This exploit takes advantage of a buffer overflow vulnerability in the Yager game version 5.24. It allows an attacker to execute arbitrary code on the target system by sending a specially crafted packet. The exploit targets the binkw32.dll library in Windows XP Pro SP1 GER.
Services By CQR