This exploit takes advantage of a remote SQL injection vulnerability in the savepreferences() function of Geeklog version 1.5.2 and earlier. The vulnerability allows an attacker to manipulate the $_POST[] variables passed to the function, potentially leading to unauthorized access or data manipulation. The vulnerability is located in the usersettings.php file, specifically near lines 1467-1480. The savepreferences() function does not properly sanitize user input, allowing for SQL injection attacks. This exploit sets various $_POST[] variables to specific values, bypassing any input validation or sanitization and potentially executing arbitrary SQL queries.
This exploit targets Star Downloader Free version <= v1.45. It exploits a Universal SEH (Structured Exception Handling) Overwrite vulnerability in the handling of .dat files. By creating a specially crafted file, an attacker can overwrite the SEH chain and execute arbitrary code.
This exploit takes advantage of the program's failure to encode the proxy information. It allows an attacker to retrieve the proxy IP, username, and password from the program's memory.
Knet <= 1.04c is affected by a remote buffer overflow vulnerability in the GET command. An attacker can send a malicious request to overwrite the eip registry and execute malicious code.
This exploit is for the Shadow Stream Recorder program, which is vulnerable to a stack overflow when processing .m3u files. The exploit allows for the execution of arbitrary code.
This exploit takes advantage of a buffer overflow vulnerability in Steamcast's HTTP request handling. It is a SEH-based exploit that allows remote code execution. The exploit runs a shellcode that will be executed when the program is closed. It requires finding a DLL that is not compiled with GS (Stack Cookies) protection. The provided shellcode is the 'win32_adduser' payload from Metasploit, which creates a new user on the target system.
This exploit allows an attacker to cause a denial of service by sending a specially crafted request to the vulnerable FTP server. The vulnerability exists in the file globbing functionality of the wu-ftpd server. By sending a specific request, an attacker can cause the server to enter an infinite loop, consuming all available resources and making the server unresponsive.
This code is a modified version of the Huffman algorithm used in the Quake 3 engine. It is used for compressing and decompressing data. The code is taken from the Q3fusion project by Andrey Nazarov. The modified version includes changes to variables and function prototypes to improve performance and simplify usage.
This exploit utilizes three methods to exploit the vulnerability found in AWStats software. An attacker can execute remote code on a vulnerable machine with httpd privileges.
This exploit allows an attacker to retrieve sensitive data, such as usernames, IP addresses, and passwords, from Avaya IP Office Phone Manager. It works by querying the Windows registry for specific values and printing them to the console.
Services By CQR