The OCP-103 application is vulnerable to command execution due to improper handling of user input. By manipulating the 'req_path' parameter and injecting malicious code through the 'funcs.php' script on an evil host, an attacker can execute arbitrary commands on the target system. The provided example demonstrates how to execute the 'ls' command on the target system.
This exploit adds an Administrator account with the username and password set as X.
With spoofed attachments, we could 'steal' files (after a warning?) if the message was forwarded (not replied to). Within the text/html part, use </x-html> to get back to plaintext, no need for NUL or linebreak or nothing: </x-html>. Attachment Converted=00: "c:\winnt\system32\calc.exe". Attachment Converted=: "c:\winnt\system32\calc.exe". Attachment Converted: "c:\winnt\system32\calc.exe"
This exploit takes advantage of a buffer overflow vulnerability in some old Monolith games. It allows an attacker to overwrite the return address with a specific payload. The payload is a string that starts with 'secure' followed by a long string of 'a' characters and ends with a specific sequence of bytes. The return address is overwritten with the value 0x%08lx. The exploit can be used against vulnerable versions of Alien versus Predator 2, Blood 2, No One Lives Forever, and Shogo.
The remote host is running WordPress BLOG, a web blog manager written in PHP. The remote version of this software is vulnerable to an HTTP-splitting attack wherein an attacker can insert CR LF characters and then entice an unsuspecting user into accessing the URL. The client will parse and possibly act on the secondary header which was supplied by the attacker. Solution: Upgrade to the latest version of this software. Risk factor: Medium.
The vulnerable code is in the /cms/FCKeditor/editor/filemanager/connectors/php/config.php file. The 'Enabled' variable is set to true, allowing unauthorized access to the file. This can be exploited to upload a shell remotely.
This exploit allows remote code execution in Icecast version 2.0.1 and below on Win32 systems. The exploit sends a malformed HTTP GET request to the target server, causing it to execute arbitrary code. The shellcode included in the exploit downloads and executes a shell on port 9999 from http://www.elitehaven.net/ncat.exe.
This is a public exploit for RevokeBB 1.0 RC11 that takes advantage of a SQL injection vulnerability. The severity of this vulnerability is critical.
The exploit takes control by overwriting the pointer of a Structured Exception Handler that is installed by WhatsUP and points to a routine that handles exceptions. The overflow string has to be around 4080 in length to generate an exception that can be manipulated by changing the SEH pointer.
An attacker can exploit a vulnerability in the user registration and login functionality of a website to escalate their privileges to administrator level. By submitting a specially crafted form, the attacker can inject the value '1' into the database file, granting them administrator privileges.