This exploit takes advantage of a buffer overflow vulnerability in sash-3.7. Providing a long string of 'A' characters as an argument to the program causes a segmentation fault and allows for arbitrary code execution. The exploit includes shellcode that spawns a shell.
This exploit allows an attacker to execute arbitrary commands on a remote system through the Includer.cgi script. The script takes user input and injects it directly into the URL, allowing for command injection.
This exploit allows remote attackers to execute arbitrary code on a vulnerable system using Internet Explorer with OWC installed. The payload used in this exploit is a Metasploit shellcode that executes the calc.exe calculator. The payload is converted to UTF-16 encoding before being sent to the target system.
This exploit demonstrates a buffer overflow vulnerability in FlyHelp .CHM File. It allows an attacker to execute arbitrary code by providing a specially crafted .CHM file. The vulnerability is caused by a lack of proper input validation when parsing the .CHM file, which allows an attacker to overwrite the stack and control the program execution flow.
This exploit allows an attacker to execute arbitrary commands on the target system by exploiting a vulnerability in the Includer CGI <= 1.0. The vulnerability is due to the improper use of the 'Open' function. By sending a specially crafted request, an attacker can inject arbitrary commands and execute them on the target system.
This exploit targets Firefox version 3.5 and uses a heap spray technique to execute malicious code. It was discovered by Simon Berry-Byrne and coded in Perl by netsoul from ALTO PARANA - Paraguay. The exploit listens on port 8080 and sends a payload. After 30 seconds, it expects a connection on port 5500 using netcat.
This is a script that exploits a remote SQL injection vulnerability in the PHPNuke Top Module. It allows an attacker to retrieve the password hashes of the admin users.
P2P Share Spy 2.2 discloses passwords to local users. The exploit retrieves the program's opening password by querying the Windows registry.
This exploit targets the Microsoft WordPerfect Document Converter. It allows an attacker to overflow the buffer and execute arbitrary code. The exploit has several targets, and the return address can be found using the 'findhex' command with the DLL name and either FF D4 (call esp) or FF E4 (jmp esp) as parameters. The vulnerability was discovered by Yuji 'The Ninja' Ukai, and the 'findhex' tool was developed by Jason Jordan. The shellcode used in the exploit was taken from Metasploit. The exploit itself was developed by valgasu and RstAck.
Two vulnerabilities have been found in the Real Helix DNA streaming server. The first vulnerability occurs during 'RTSP' request handling, where an empty 'DataConvertBuffer' parameter can cause the server to raise an exception, leading to a crash. The second vulnerability occurs during 'SETUP' request handling, where a missing byte in the request line can cause the process to crash with an access violation.