This exploit takes advantage of a vulnerability in the Remote Desktop Protocol (RDP) service, allowing an attacker to execute arbitrary code on a vulnerable system. The exploit uses a specially crafted payload to trigger the vulnerability and gain control of the target system.
This exploit allows local code execution in OpenOffice.org 2.31 swriter. It spawns calc.exe if successful.
The Ktools Photostore version 3.5.2 is vulnerable to a remote SQL injection attack in the crumbs.php file. This exploit only works when magic quotes are turned off. The vulnerability allows an attacker to inject malicious SQL queries through the 'gid' parameter in the URL, leading to unauthorized access to the database. The exploit was discovered by DNX.
This exploit allows an attacker to execute arbitrary code on a target system by exploiting a buffer overflow vulnerability in WinRar. The exploit takes advantage of a crafted RAR header and launches a local cmd.exe shell. The targets for this exploit are WinXP SP1 user32.dll [0x77D718FC] and WinXP SP2 user32.dll [0x77D8AF0A]. The exploit also requires the presence of WinRar 2.x series. The system() function from msvcrt.dll is used to execute the shellcode.
TFTPServer SP v1.4 is vulnerable to a very long TFTP Error Packet which can lead to a buffer overflow. This exploit will overwrite the .bss section and some portion of the .idata section to patch function addresses in the IAT. The exploit can be used to either target the TFTPServer Service or the RunStandAlone version. For the TFTPServer Service, the time() function will be patched, while for the TFTPServer StandAlone program, the printf() function will be patched.
This exploit allows an attacker to perform various actions such as adding a user to the admin group, downloading a file from an HTTP server, sending a reverse shell to a specified IP on a specific port, and binding a shell on the exploited machine. The exploit is provided as is and the author disclaims any liability for its use.
Input passed to the "cat" parameter is not properly verified before being used in an SQL query. This can be exploited through the browser to obtain the admin username and MD5 password hash. Successful exploitation requires that "magic_quotes" is off.
The vlBook 1.21 script is vulnerable to multiple remote vulnerabilities including Local File Inclusion (LFI) and Cross-Site Scripting (XSS). These vulnerabilities can be exploited by an attacker to execute malicious code or access sensitive information on the target system.
This script exploits a blind SQL injection vulnerability in ODFaq v2.1.0.
This exploit is a remote root exploit targeting Samba. It uses a connect back method and brute force mode to gain root access. The code is created and modified by Schizoprenic from Xnuxer-Labs in 2003. The exploit is for educational purposes only.