Explore Vulnerabilities

Explore all Exploits:

muvee Technologies Text-Effect DXT Filter for autoProducer (TextOut.dll v6.0.18.1) Fontsetting property remote buffer overflow exploit

This exploit is for a remote buffer overflow vulnerability found in the muvee Technologies Text-Effect DXT Filter for autoProducer. The vulnerability exists in the Fontsetting property of the TextOut.dll version 6.0.18.1. The bug was discovered by Nine:Situations:Group::Trotzkista and more information can be found on their website at http://retrogod.altervista.org/. The affected software can be downloaded from http://www.muvee.com/en/ and includes muvee AutoProducer 6.0 and 6.1. The exploit has been tested on Windows 2003 Datacenter Edition with Internet Explorer 6 and Windows XP SP2 with Internet Explorer 6. The dll settings for this exploit are as follows: RegKey Safe for Script: False, RegKey Safe for Init: False, Implements IObjectSafety: True, IDisp Safe: Safe for untrusted: caller.

Gravity Board X 2.0 Beta (SQL/XSS) Multiple Remote Vulnerabilities

The Gravity Board X 2.0 Beta version is vulnerable to both SQL Injection and Cross-Site Scripting (XSS) attacks. In the XSS exploit, an attacker can inject JavaScript code into the title field when creating a new thread in the forum. In the SQL Injection exploit, an attacker can manipulate the search query parameter to execute arbitrary SQL commands.

Local Privilege Escalation in bmon

This exploit is for FreeBSD/OpenBSD systems with bmon version less than 1.2.1_2 installed. When bmon is executed with the -n parameter, it uses popen() to execute netcat without providing an absolute path. Some BSDs have ACLs that do not allow setuid files to run unless explicitly allowed. Therefore, creating a file called netcat and chmod'ing +s bash would not work. In order to get a usable shell, stdout needs to be redirected to stderr (as stdout is closed), and the stty settings need to be restored. The exploit takes advantage of this vulnerability to execute a shell with elevated privileges.

IIS NNTP Service XPAT command heap overflow proof of concept

This is a proof of concept exploit for a heap overflow vulnerability in the IIS NNTP Service. The exploit sends a specially crafted XPAT command to the server, causing a heap overflow. The vulnerability allows an attacker to execute arbitrary code on the targeted system.

Black Ice Software Annotation Plugin (BiAnno.ocx) Remote Buffer Overflow (2)

The BiAnno.ocx file in Black Ice Software Annotation Plugin is vulnerable to a remote buffer overflow. By clicking on a button, an attacker can trigger the overflow and execute arbitrary code on the target system. This exploit has been tested on Windows XP Professional SP2 with Internet Explorer 7.

Black Ice Software Annotation Plugin (BiAnno.ocx) Remote Buffer Overflow

This exploit targets a remote buffer overflow vulnerability in the Black Ice Software Annotation Plugin (BiAnno.ocx) version 10.9.5.0. By crafting a malicious request, an attacker can trigger a buffer overflow condition, potentially leading to remote code execution. The vulnerability affects Windows XP Professional SP3 with Internet Explorer 7 and Windows 2000 Professional SP4 with Internet Explorer 6.

YahooPOPS v1.6 and prior SMTP port buffer overflow exploit v0.1

This exploit code causes a buffer overflow in YahooPOPS v1.6 and prior versions on the SMTP port. The exploit binds its shellcode to port 101. It has been tested on Windows 2000 SP4 and Windows XP SP1.

Realm CMS Multiple Vulnerabilities Lead to Admin Access

An attacker can gain access to the admin pages with a manipulated cookie. There is an SQL injection in the 'KeyWordsList' function of 'inc_routines.asp' via the 'kwrd' parameter. The CMS is also affected by reflected XSS, and by DB path disclosure in '/cms/_db/compact.asp'.

Black Ice Software Inc Barcode SDK (BITiff.ocx) Remote Buffer Overflow

The Black Ice Software Inc Barcode SDK (BITiff.ocx) is vulnerable to a remote buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code on the affected system. This exploit targets the BITiff.ocx file with the CLSID: {2324B5B7-D3EF-464C-BB35-06EFF8F11EB3}. It was written for educational purposes and should be used at your own risk. The author will not be responsible for any damage caused. The vulnerability affects Windows XP Professional SP3 fully patched, with Internet Explorer 7 and Windows 2k Professional SP4 fully patched, with Internet Explorer 6.

pSys – 0.7.0. alpha shownews SQL Injection

The script uses intval to convert the value of $shownews to an integer, making a normal Select Injection return nothing. However, it is still possible to inject and echo the right values using a simple CONVERT() or CAST() subquery. The table prefix is either "ps_" or "powie_" depending on the version. The script also uses a password encryption style.
