This is a proof of concept for MS10-054 vulnerability. It is a remote code execution vulnerability in Microsoft Windows SMB Client. An attacker could exploit this vulnerability by convincing a user to connect to a malicious SMB server or by tricking a user into clicking on a specially crafted link. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with the privileges of the user.
This program sends corrupt client certificates to the SSL server which will 1) crash it 2) create lots of error messages, and/or 3) result in other "interresting" behavior.
CSRF exploit for wizmall 6.4 UTF-8 For php that allows changing admin ID and password.
This exploit allows an attacker to perform SQL injection on the statistics.php file in PHPKick v0.8. It works regardless of the PHP security settings, including magic_quotes and register_globals. This exploit is for educational purposes only and should not be used without permission. The exploit was found by garwga (ICQ#:453-144-667).
The FathFTP 1.8 ActiveX control is vulnerable to a buffer overflow when handling the EnumFiles method. An attacker can exploit this vulnerability to execute arbitrary code on a target system.
This exploit targets a buffer overflow vulnerability in FathFTP 1.8. By sending a specially crafted request to the vulnerable software, an attacker can overwrite the SEH record and execute arbitrary code. The exploit has been tested on Windows XP SP3 with Internet Explorer 6.
There is a buffer overflow vulnerability in the webappmon.exe CGI application included with HP OpenView NNM. This bug can be exploited by sending a cookie header with a maliciously crafted OvJavaLocale value. Code execution is likely achievable in a reliable way.
This exploit targets FathFTP version 1.8 and utilizes a buffer overflow vulnerability to execute arbitrary code. The exploit is written in VBScript and contains shellcode that launches the Windows calculator application. It has been tested on Windows XP SP3 with Internet Explorer 6.
The IOCTL call 0x829C0964(IOCTL_ASWFW_COMM_PIDINFO_RESULTS) of 'aswFW.sys' kernel driver Shiped with 'Avast! Internet Security 5.0' uses the user controlled First 4 bytes value To allocate a NonPagedPool without any value range checking then an integer overrun occurs. If 'aswFW.sys' received a first 4 bytes about to '0xFFFFFFFF' with an Irp then an invalid Sized Memory Pool allocated. After the invalid allocation, the kernel driver copys user controlled buffer into '[allocated pool+84h]' with too large copy length '0FFFFFFFFh' then the Memory Pool corrupted.
The exploit involves spraying the JIT memory pages with nops + egghunter combined with a call to VirtualProtect() to mark the newly found shellcode as executable and then jumping to it. By spraying so many pages, the exploit becomes reliable working 9/10 times.
Services By CQR