Exploits 1119 - exploit.company

RealVNC Windows Client DoS

This exploit targets the RealVNC Windows Client and causes a Denial of Service (DoS). The vulnerability is triggered by sending a crafted packet to the VNC server, causing the client to crash. The specific vulnerability details are as follows: AppName: vncviewer.exe, AppVer: 4.1.2.0, ModName: vncviewer.exe, ModVer: 4.1.2.0, Offset: 000229e0. The exploit code listens on port 5900, accepts a client connection, negotiates the protocol, accepts the security type, and sends a crafted packet to trigger the DoS.

7.5

CVSS

HIGH

Denial of Service

Unknown

CWE

Product Name

RealVNC Windows Client

Affected Version

Ability Server 2.34 Remote buffer overflow exploit

This exploit targets Ability Server 2.34 and uses a remote buffer overflow vulnerability in the ftp STOR command. It allows an attacker to gain unauthorized access to the target system.

7.5

CVSS

HIGH

Remote buffer overflow

Affected Version

class101 [at] DFind.kd-team.com [&] #n3ws [at] EFnet

vendor:

MiniShare

MiniShare <= 1.4.1 Remote Buffer Overflow Exploit

This exploit allows for a remote buffer overflow in MiniShare <= 1.4.1. It binds a shellcode to port 101.

7.5

CVSS

HIGH

Remote Buffer Overflow

Windows XP SP1 English, Windows 2000 SP4 English, Windows NT SP6 English

Affected Version

Perl Shellcode Exploit

This Perl script exploits a vulnerability to execute shellcode. It utilizes the x86/shikata_ga_nai encoder from Metasploit and calls the user32.dll function to execute the calc.exe program. The exploit is tested on Windows XP SP3.

Affected Version

Digital Security Research Group [DSecRG]

vendor:

Dokeos

DSecRG Advisory #DSECRG-08-029

Dokeos E-Learning System system has local file include vulnerability in script user_portal.php. Registered user can use this vulnerability.

Affected Version

IceBB Blind SQL Injection

This exploit allows an attacker to manipulate a query by adding a backslash at the end of an input that is between two quotes in a query. By doing this, the end quote will be ignored and an error can be triggered. This vulnerability exists in the IceBB <= 1.0-RC9.2 CMS.

Affected Version

IntelliTamper 2.07 Remote Code Execution (server header)

This exploit allows remote code execution in IntelliTamper version 2.07 by exploiting a vulnerability in the server header. The exploit assumes the target is scanning 'http://127.0.0.1' and may not work for other variations of the target URL.

7.5

CVSS

HIGH

Remote Code Execution

Affected Version

MojoAuto Blind SQL Injection Exploit

This is a Perl script that exploits the MojoAuto blind SQL injection vulnerability in the mojoAuto.cgi script. It allows an attacker to extract the MD5 hash of a password.

Affected Version

SITEMAP1 INTELLITAMPER

This is a Perl script that exploits an ancient vulnerability to improve skills on Windows exploitation. The script contains a shellcode that executes the calc.exe program.

3.3

CVSS

LOW

Ancient vulnerability

Affected Version