This exploit takes advantage of a vulnerability in the man-db package. By exploiting the open_cat_stream() function, an attacker can escalate their privileges and gain root access on the system. The exploit involves creating fake manpage directories and files, compiling a source file, and executing man-db/man.
This exploit allows an attacker to perform blind SQL injection on Aiyoota! CMS. The vulnerability was discovered by Lidloses_Auge and the exploit was coded by the same author. The exploit works by injecting SQL queries into the target CMS.
This exploit takes advantage of a vulnerability in the Windows Installer Service to escalate privileges and impersonate the Local System account. It replaces the Utility Manager with Notepad, allowing the user to run Notepad as the Local System.
EvansFTP ActiveX is vulnerable to a remote buffer overflow. The properties RemoteAddress, ProxyPrefix, ProxyName, Password, ProxyBypassList, LoginName, and CurrentDirectory all suffer from buffer overflow when long strings are passed. The specific lengths at which each property overflows are mentioned.
This exploit targets ProSysInfo TFTP server TFTPDWIN version 0.4.2 and below. It takes advantage of a buffer overflow vulnerability in the software, which allows a remote attacker to execute arbitrary code on the target system by sending a specially crafted request. The exploit author has provided a universal payload that works on all Windows versions and uses custom shellcode to execute the 'calc' command. The author disclaims responsibility for any damage caused by using this exploit.
This script allows an attacker to perform brute force attacks on a Webmin installation and execute arbitrary commands on the target system.
The binfmt_elf uselib VMA insert race vulnerability allows local attackers to cause a denial of service (system crash) and possibly execute arbitrary code, gaining root privileges, via a uselib call with a crafted ELF program.
This is an exploit for a privilege escalation vulnerability in eZ Publish versions >= 3.5.6. The vulnerability allows an attacker to escalate their privileges and gain administrative access to the eZ Publish system. The exploit sends a malicious request to the target server, creating a new admin account with the provided username, password, and email. The new admin account will be activated and registered in the system.
This exploit targets the EasyMail MailStore Object ActiveX control in the emmailstore.dll file. It allows attackers to perform heap spraying attacks.
A format string error has been found in the 'vinagre_utils_show_error()' function. It can be exploited via commands issued from a malicious server that contain format string specifiers in the VNC name. Successful exploitation would allow the attacker to execute arbitrary code with the privileges of the Vinagre user.