There is a security hole in the 3Dmax backburner Manager where the default listen port is 3234. It can be exploited by sending a long string, causing a denial of service.
The exploit constructs a fake Zend hash table and sends it in the first request. The second request triggers a memory interruption and reuses the memory allocated for the hash table, which still contains the data from the previous request, including the pDestructor pointer that points to the NOP sled and shellcode. This happens in the zend_hash_destroy function.
This exploit takes advantage of a buffer overflow vulnerability in the DCOM RPC service on Windows systems. It allows an attacker to execute arbitrary code on the target system.
GDIPLUS fails to handle an exceptional condition when opening malicious .ico files. This results in a remote Explorer crash (via IE), and a constant crash loop if the .ico file is located on the desktop.
This exploit targets the MailEnable IMAP Service and allows for remote buffer overflow. It affects MailEnable versions Pro v1.52 and Enterprise v1.01. The exploit code was discovered by Nima Majidi at www.hat-squad.com and was developed by class101 at www.hat-squad.com and dfind.kd-team.com. The vulnerability has been fixed and the patch can be found at http://mailenable.com/hotfix/MEIMAPS-HF041125.zip.
This is an exploit for atari800 that allows an attacker to gain root access. The exploit takes advantage of a buffer overflow vulnerability in the program.
The cdda library only reserves 20 bytes for the names of "*.cda" files. By creating a malicious m3u file containing a long name, an attacker can overwrite the stack and execute arbitrary code.
This is a stack overflow exploit for the unpublished prozilla-1.3.6 format string/buffer overflow vulnerability. It allows an attacker to execute arbitrary code by sending a specially crafted HTTP request. The exploit has been tested successfully against current versions of Gentoo, Slackware, Debian, and SUSE. The client side can be exploited by sending a request to proz hostname:port/anyfile.name, with the default listen port being 8080. The shellcode used in the exploit is a custom shellcode with no control characters. The NOPs in the shellcode will be patched for an attacker-defined IP and port at runtime.
This is a SQL injection exploit for IPB version 2.3.5. It allows an attacker to execute arbitrary SQL queries through the $_POST parameter. The exploit is optimized for speed and does not leave suspicious logs. It also includes pretesting to check if the target is vulnerable.
This exploit creates a fake FTP server on your machine, waiting for the connection of an FTP client. After the exploit is sent, a shell (command prompt) is spawned on port 5555 of the target machine. This exploit works locally or remotely.