This exploit is a Denial of Service (DoS) attack targeting Microsoft SQL Server. It allows an attacker to crash the server by sending a large buffer size. The exploit was developed by refdom of xfocus.
This exploit creates a fake FTP server on your machine, waiting for the connection of an application that uses the WodFtpDLX.ocx ActiveX Control. After the exploit is sent the application will crash, trying to access a bad memory address: 0xDEADCODE. This exploit can be executed locally or remotely.
The addalink <= 4 - beta program is vulnerable to unauthenticated remote code execution. By modifying the URL parameters, an attacker can bypass the moderation process and insert links without approval. The vulnerability lies in the add_link.php file, where the SQL query does not properly validate the 'approved' and 'counter' values, allowing an attacker to inject their own values into the query. This can lead to unauthorized links being published on the website and potential code execution. The vulnerability can be exploited by modifying the URL parameters and adding '&approved=1&email=my@email.com&description=blablablablablablabla&category_id=1' to bypass the approval process and insert links without moderation. The 'counter' value can also be manipulated to alter the visit counter.
This is an exploit for a SQL injection vulnerability in Invision Power Board versions 2.0.0 to 2.0.2. The exploit allows an attacker to execute arbitrary SQL queries and potentially gain unauthorized access to the database.
The "<? quicktime type= ?>" tag fails to handle long strings, leading to a heap overflow in Quicktime/Itunes media player. This bug can be exploited remotely or locally by supplying a file with a recognized header that does not correspond to the file type. This can be done by embedding XML in a mp4, mov, etc. or in an HTML page, causing a remote crash on browsers using the Quicktime plugin. Code execution may be possible.
This is a Perl script that exploits a vulnerability in phpBB version 2.0.10 and below to execute remote commands. The exploit takes advantage of a security issue related to search highlighting. The script has been successfully tested on versions 2.0.6, 2.0.8, 2.0.9, and 2.0.10. The exploit allows an attacker to execute arbitrary commands on the target system.
Input passed to the "rel_path" parameter in config.php page is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled.
This exploit involves a buffer overflow vulnerability in the SLMAIL remote password feature. By sending a specially crafted payload, an attacker can overwrite a memory address and execute arbitrary code. The exploit code is provided in the form of shellcode. The vulnerability allows an attacker to gain unauthorized access to the target system.
This exploit allows for the execution of arbitrary code on Windows XP SP2 with Internet Explorer 6.0 SP2. It takes advantage of a buffer overflow vulnerability in the Windows Media Encoder's wmex.dll ActiveX control.
This script allows an attacker to execute arbitrary commands on the target system by exploiting a command injection vulnerability in the GFHost web server. The vulnerability exists due to improper input validation of user-supplied data in the 'OUR_FILE' parameter of the 'dl.php' script. By manipulating this parameter, an attacker can inject malicious commands that are executed with the privileges of the web server, potentially leading to unauthorized access, data exfiltration, or system compromise.
Services By CQR