This exploit targets the 'password' parameter in SyncBreeze version 10.0.28, causing a remote buffer overflow. The exploit allows an attacker to execute arbitrary code on the target system.
This exploit allows an attacker to inject malicious code into the title section of the osCommerce 2.3.4.1 admin panel, leading to persistent cross-site scripting.
The Wondershare Driver Install Service help version 10.7.1.321 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker with local access to escalate privileges and execute arbitrary code with elevated privileges. The vulnerable service, ElevationService, has an unquoted service path that could allow an attacker to place a malicious executable in a higher privileged directory, which will be executed when the service is started.
This module exploits an unauthenticated command injection vulnerability found in ZeroShell 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar options.
This vulnerability allows an attacker to inject a malicious script directly into a vulnerable web application. In the case of nopCommerce Store 4.30, the XSS payload can be injected in Schedule tasks. When a user visits the page with the injected payload, the XSS is triggered, allowing the attacker to steal cookies.
This exploit allows an attacker to execute malicious JavaScript code in a vulnerable field in LifeRay 7.2.1 GA2. The attacker can phish user credentials by prompting them to enter their email and password, which are then logged to the console and sent to the attacker's website.
The Boxoft Audio Converter version 2.3.0 is vulnerable to a local buffer overflow (SEH) exploit. By opening a specially crafted '.wav' file, an attacker can trigger the buffer overflow and potentially execute arbitrary code.
This exploit allows an attacker to execute arbitrary code on a vulnerable system. By providing a specially crafted 'wav' file, an attacker can trigger a buffer overflow condition, overwrite the Structured Exception Handler (SEH) chain, and gain control of the program's execution flow. This exploit includes a bind shell on port 4444.
This exploit targets a stack based buffer overflow vulnerability in the IBM Tivoli Storage Manager Command Line Administrative Interface version 5.2.0.1. By exploiting this vulnerability, an attacker can execute arbitrary code or crash the application. The vulnerability occurs when the 'id' field is not properly validated, allowing the attacker to overflow the buffer and overwrite the EIP register. This exploit provides a step-by-step usage guide and includes the necessary code to trigger the vulnerability.
The vulnerability allows remote attackers to execute arbitrary code on the target system.
Services By CQR