rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers such as Cookie, User-Agent, etc. Remote unauthenticated attackers can send concurrent HTTP requests using an incrementing or specific payload range of junk characters for values in the URL parameters or HTTP headers sent to the server. This results in an hfs.exe server crash from an invalid-pointer write access violation.
The exploit takes advantage of a buffer overflow vulnerability in Quick Player version 1.3. By creating a specially crafted '.m3l' file and loading it into the application, an attacker can execute arbitrary code and gain control over the affected system.
This exploit demonstrates a local buffer overflow vulnerability in Frigate version 3.36.0.9. By pasting a specially crafted input into the 'Command Line' field of the Frigate application, an attacker can execute arbitrary code and gain control of the system. This exploit triggers the execution of the calc.exe program as a proof of concept.
An attacker can bypass the login page and access the dashboard page by exploiting the vulnerability in the 'admin/index.php' file using the payload '=''or'. The proof of concept shows the steps and payload used for the exploit.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
This exploit allows an attacker to execute arbitrary code remotely on the Online Marriage Registration System version 1.0. The vulnerability requires authentication, but the system allows free user registration which is enough to exploit the system.
This script will leak the 'activation_key' value for the user whose ID is set to 1 in the database. The activation key can be used to reset that user's password to whatever you want, bypassing the need to crack a hash. An example password reset URL would be: '/login.php?action=password-reset&value=[ACTIVATION CODE LEAKED FROM DB]'
RCE PoC for CVE-2020-0796 "SMBGhost"
This exploit allows an attacker to bypass authentication in VMware vCenter Server 6.7. It works by exploiting a vulnerability in the server that allows unauthorized access. The exploit is written in Python and can be used on both Windows and Linux systems. It also includes a vulnerability checker to determine if a system is vulnerable.
The exploit allows bypassing the IP spoofing protection in Crystal Shard http-protection version 0.2.0. By hardcoding values in the X-* headers, an attacker can bypass the middleware's detection of spoofing attacks.