This exploit targets VUPlayer version 2.49 and utilizes a stack overflow vulnerability in the handling of .asx files. By crafting a malicious .asx file, an attacker can trigger a stack overflow, potentially allowing for the execution of arbitrary code.
The vulnerability exists in the 'authorize.php' file of the Fast FAQs System. It allows an attacker to inject malicious SQL code into the 'userid' and 'pass' parameters, potentially bypassing authentication and gaining unauthorized access to the admin panel. The provided exploit payload 'or '1=1' demonstrates the SQL injection attack.
A remote code execution vulnerability exists in the way that cursor, animated cursor, and icon formats are handled. An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
This exploit demonstrates a local stack overflow vulnerability in VUPlayer version 2.49. The vulnerability can be triggered by opening a specially crafted .asx file. The exploit code provided causes a stack overflow by sending a long string of A characters. This can lead to remote code execution or a denial of service condition.
This exploit targets the IntelliTamper (2.07/2.08) Language Catalog software. It uses an SEH overflow technique to overwrite the pointer to the SEH handler, allowing for control over the program. The vulnerability was discovered by 'Cnaph'. Opening a crafted .CAT file through the software's 'File' > 'Options' menu overwrites the SEH handler pointer.
This exploit allows remote attackers to execute arbitrary PHP code on a target system running XOOPS 2.3.2 with register_globals enabled. The vulnerability exists in the onupdate.php, oninstall.php, and notification.php files in the xoops_lib/modules/protector/ directory. By sending a specially crafted request with malicious PHP code as the 'mydirname' parameter, an attacker can execute arbitrary code on the target system.
This exploit targets GOM Player version 2.0.12 and utilizes a stack overflow vulnerability in the handling of the ASX file format. The exploit code is provided by DATA_SNIPER and can be used to execute arbitrary code. The vulnerability was initially reported by Parvez Anwar at Secunia. The exploit is universal because it uses an internal address (in GOM.exe) to JMP to and run the shellcode. An SEH-based method could be implemented as a variant exploit.
This code exploits a remote code execution vulnerability in Cisco IOS 12.x/11.x. It takes advantage of an integer overflow in the URL and uses a memory leak in the IOS 11.x UDP Echo service for shellcode placement and address calculation. The code supports exploitation of any 11.x Cisco 1600 and 2500 series routers that have 'ip http server' and 'service udp-small-servers' enabled. The exploit sends 2 gigabytes of data to trigger the overflow, which may take several days depending on the target's connection. The shellcode used varies depending on the specific IOS version. For Cisco 1600 routers running 11.3(11b) IP only, a runtime IOS patching shellcode is used to disable VTY and enable access passwords. For other 11.x IOS versions or when code patching is more complicated, the shellcode replaces all passwords in the configuration with 'phenoelit' and reboots the router.
This script exploits a buffer overflow vulnerability in Cain & Abel v4.9.25 (and below) to execute arbitrary code. By importing the generated file as a config file under Cracker -> Cisco IOS-MD5 Hashes, an attacker can gain control of the target system. The exploit uses a return address pointing to a 'call esp' instruction in kernel32.dll to redirect the execution flow to the attacker's shellcode. The shellcode used in this exploit is a Metasploit-generated payload that executes the 'calc.exe' program. Note that the return address may need to be adjusted to match the target system.
The DECRQSS (Device Control Request Status String) 'DCS $ q' command in xterm echoes invalid commands, allowing an attacker to run arbitrary commands by including them in the DCS string. This can be exploited by sending a malicious email or by having the DCS string logged in syslog and viewed by a privileged user.