This exploit is a local Linux exploit within aeon-0.2a. It allows an attacker to gain unauthorized access to the system. The exploit uses a buffer overflow vulnerability in the aeon executable to execute arbitrary shellcode. The shellcode spawns a shell with root privileges. This exploit was coded by patr0n and released on security-tmp.h14.ru.
The Php AdminPanel Free version 1.0.5 is vulnerable to remote file disclosure. An attacker can exploit this vulnerability by accessing the download.php script and manipulating the 'file' parameter to disclose sensitive files on the server.
This exploit allows an attacker to perform arbitrary file upload, XSS, and SQL injection attacks on the Opial 1.0 website.
The application GetDataBack for NTFS v2.31 discloses license information (username and key) to local users.
The LionWiki script is vulnerable to directory traversal attacks. An attacker can exploit this vulnerability by manipulating the 'page' parameter in the index.php file to access files outside of the intended directory structure. This can lead to the disclosure of sensitive information such as the /etc/passwd file.
The exploit allows an attacker to disclose the database of Digitaldesign CMS v0.1. The vulnerability is due to the presence of an exposed autoconfig.dd file.
This proof of concept code demonstrates a vulnerability in the AIO (Asynchronous Input/Output) functionality in Linux. It allows a local attacker to escalate their privileges by reading arbitrary files with the permissions of the targeted process. The vulnerability exists due to improper handling of IOCBs (I/O Control Blocks) in the do_aio_direct_read() function. By exploiting this vulnerability, an attacker can bypass file permissions and read sensitive information.
This Perl script exploits a vulnerability in the 'Calendar Pro' Mod for phpBB version 2.0.33 and below. By sending a specially crafted request to the cal_view_month.php script, an attacker can execute arbitrary SQL queries and retrieve the MD5 hash of a user's password.
The exploit technique involves forking so that stunnel cannot find the attacker when it dies. Then sending stunnel a SIGUSR2 signal, which generally kills programs. Since the attacker is a child of stunnel, the OS will deliver the signal. Finally, the attacker selects on the leaked descriptor and starts serving pages.
This is a remote heap buffer overflow vulnerability in the Windows Internet Name Service (WINS). The vulnerability allows an attacker to execute arbitrary code by sending a specially crafted packet to the WINS service.