This exploit allows an attacker to execute arbitrary code on a target system running the DB2TEST database. The exploit requires the presence of a GUEST account with the password QQ on the target system. It sends a specially crafted payload to the target system's port 50000 to execute the code.
This exploit targets UltraISO version 9.3.3.2685 and allows for a universal buffer overflow. It was discovered and exploited by SkD (skdrat@hotmail.com). The exploit involves opening either a CCD or IMG file in UltraISO. Note that opening the CCD file will also cause an access violation in MagicISO. Private exploits are available for sale by contacting the author at skdrat@hotmail.com. The author holds no responsibility for any damage caused by this exploit.
eXeem v0.21 discloses passwords for proxy settings to local users.
This exploit is a Perl script that demonstrates remote code execution vulnerability. It uses the cohelet framework-3.2 and the meterpreter payload to establish a reverse TCP connection. The exploit was tested on Windows 2000 SP4 and Windows 2003 R2 SP2 without NX support. The exploit opens a meterpreter session on the target machine and allows the attacker to execute commands on the compromised system.
PeerFTP_5 discloses passwords to local users.
This exploit allows an attacker to execute arbitrary code on a vBulletin 3.0.1 website by injecting malicious code into the 'template' parameter of the 'misc.php?do=page' URL. The attacker can execute system commands or PHP functions using this vulnerability.
Input passed to the "pk" parameter in browse.php page is not properly verified before being used into sql queries. This vulnerability can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
This is a heap remote exploit for cfengine rsa. It allows an attacker to gain root access on vulnerable systems.
The BandSite CMS 1.1.4 is vulnerable to SQL Injection attacks in the member_content.php file. An attacker can manipulate the 'memid' parameter to execute arbitrary SQL queries. Additionally, the CMS allows an authenticated administrator to upload malicious files, which can be used to gain unauthorized access to the system.
This is a two steps exploitation: the format bug is used to compute a buffer that will overwrite the stack later, resulting in a SEH overwriting. The exploit works for both the GUI and the console servers.
Services By CQR