This is a proof-of-concept exploit for a local stack overflow vulnerability in Soritong MP3 Player 1.0. The exploit triggers a stack overflow by sending a specially crafted skin file. This vulnerability can be exploited to execute arbitrary code or crash the program.
This exploit takes advantage of a vulnerability in the Linux kernel version 2.6.30+ or RHEL5 2.6.18, specifically in the /dev/net/tun module. It turns a null pointer dereference directly into arbitrary code execution. Additionally, it bypasses the mmap_min_addr protection via a SELinux vulnerability. The vulnerability was originally deemed unexploitable at the source level, but gcc optimizations make it exploitable. It is important to note that having SELinux enabled actually increases the risk against a large class of kernel vulnerabilities.
FireFly v1.0 discloses proxy passwords to local users.
This is a heap spray exploit for Firefox 3.5. It was originally discovered by Simon Berry-Byrne and pythonized by David Kennedy (ReL1K) at SecureState. The exploit creates a bind shell on port 5500 and uses the Shikata_Ga_Nai encoding.
FTP Now v2.6.14 discloses passwords to local users.
This exploit targets MailEnable versions Enterprise <= 1.04 and Professional <= 1.54. It allows an attacker to execute remote code via the Imapd service.
This exploit takes advantage of a buffer overflow vulnerability in the Live For Speed 2 Version Z (.mpr) file format. The exploit allows an attacker to execute arbitrary code by overflowing the SEH (Structured Exception Handler) in the application. The original exploit can be found at http://www.milw0rm.com/exploits/9142. The exploit was modified by His0k4.
The MixVibes Pro software version 7.043 is vulnerable to a local stack overflow exploit. By creating a specially crafted .vib file, an attacker can trigger a stack overflow and potentially execute arbitrary code on the affected system.
This exploit allows an attacker to perform a blind SQL injection attack on Traidnt UP 2.0. It can retrieve the username and MySQL version from the targeted system. The exploit is authored by Qabandi from Kuwait.
By supplying a few bytes (0xEF 0xEF 0xEF) we can then manipulate the registers, taking full control over the application. A heap overflow occurred when manually testing lfs2. After overwriting the exception handler, there would only be 72 bytes left for the shellcode to gain execution.