The TotalCalendar 2.4 web application allows remote attackers to change passwords via a crafted request.
This script is an exploit for the Addonics NAS Adapter bts.cgi vulnerability. It allows an attacker to send a malicious GET request that crashes the stack from the web GUI, causing a denial of service.
This exploit targets Einstein v1.01, a file sharing program that does not encode the user/pass in the registry. It allows an attacker to retrieve the username and password stored on the victim's PC.
This is an exploit for a remote buffer overflow vulnerability in BadBlue 2.55 Web Server. The vulnerability allows an attacker to execute arbitrary code on the target system. The exploit sends a specially crafted HTTP request to the server, triggering the buffer overflow and gaining control over the server.
This exploit allows an attacker to trigger a local heap overflow in MagicISO CCD/Cue. The overflow occurs when handling certain file formats, leading to potential code execution.
This exploit targets Einstein v1.01 (and previous versions) and allows local users to disclose passwords. The exploit uses the RegOpenKeyEx and RegQueryValueEx functions to retrieve the values of the 'username' and 'password' keys in the 'Softwareeinstein' registry key. It then prints the retrieved username and password to the console.
Unprivileged database users can see APEX password hashes in FLOWS_030000.WWV_FLOW_USER.
This exploit takes advantage of a stack buffer overflow vulnerability in Elecard AVC HD Player. By sending a specially crafted header, an attacker can overwrite the Structured Exception Handler (SEH) and gain control of the program execution flow. The exploit code is provided in the form of a C file.
This is a proof of concept for a local heap overflow vulnerability in Apollo 37zz. By providing a specially crafted .M3U file, an attacker can trigger a heap overflow and potentially execute arbitrary code.
The BadBlue, Easy File Sharing application is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code on the target system. The vulnerability was discovered by Andres Tarasco, and an exploit was released by class101 and metasploit.com. The affected version is v2.5, with versions 2.60 and below also likely to be vulnerable. The patched version is v2.61. The exploit relies on 6 bad characters that are not properly interpreted by BadBlue. The exploit uses offsets from ext.dll and is universal. The v2.5 version can be obtained from class101.org for exploitation practice. The exploit has been tested on Windows, but should also work on Linux.