The Siteman 2.X application is affected by multiple vulnerabilities, including code execution, local file inclusion (LFI), and cross-site scripting (XSS). The code execution vulnerability allows an attacker to execute arbitrary code on the server. The LFI vulnerability allows an attacker to read files on the server. The XSS vulnerability allows an attacker to inject malicious script into pages served by the application. These vulnerabilities can be exploited remotely.
The exploit creates a film.ssa file that can be used to trigger a buffer overflow vulnerability in Kantaris Media Player.
This exploit allows for the execution of arbitrary code in DivX Player version 6.7.0 by parsing a specially crafted SRT subtitle file. The exploit was developed by lhoang8500@gmail.com and tested on Windows XP SP2 + DivX Player 6.7.0. The exploit takes advantage of a technique different from the previously posted DivX 6.6.0 exploit: it relies on converting the shellcode and return addresses to Unicode and overwriting the SEH structure address at FS:[0]. The exploit requires the subtitle file to be encoded in UTF-8. When the exploit is successful, the Calculator application is opened.
The bug is related to the parsing of image headers in Adobe products: the applications do not verify the validity of the image header before rendering the image. This allows an unchecked buffer overflow and the execution of malicious code. The exploit can be triggered by delivering the malicious image to the user directly, by email, or by hosting it on a website.
This is a proof of concept exploit for the DivX 6.6 SRT vulnerability. It overwrites the Structured Exception Handler (SEH) to gain control of the program flow. The exploit has been tested on Windows XP SP2. The exploit code is written in Python and was developed by Mati Aharoni (muts) and Chris Hadnagy (loganWHD) of Offensive Security. The exploit utilizes a Unicode buffer and a Unicode-friendly POP POP RET sequence. The payload includes stack alignment, saving the stack registers, and aligning EAX for the popad/popfd instructions. The exploit also includes a Venetian self-decoding bindshell on port 4444. The bindshell is 1580 bytes in size and is built on an alternating 00/01 byte surface. The exploit includes a buffer and shellcode canvas of 5000000 bytes.
This module exploits a stack overflow in the w22n51.sys driver provided with the Intel 2200BG integrated wireless adapter. This stack overflow allows remote code execution in kernel mode. The stack overflow is triggered when an 802.11 Probe Response frame is received that contains multiple vendor-specific tags and "\x00" as the ESSID and ESSID length elements. This exploit was tested with version 8.0.12.20000 of the driver and an Intel Centrino 2200BG integrated wireless adapter. Newer versions of the w22n51.sys driver are provided by Intel to resolve this flaw. Since this vulnerability is exploited via probe response frames, all cards within range of the attack will be affected. Vulnerable clients don't need to have their card in a particular state for this exploit to work. This module depends on the Lorcon library and only works on the Linux platform with a supported wireless card. Please see the Ruby Lorcon documentation (external/ruby-lorcon/README) for more information.
The KwsPHP script allows remote attackers to execute arbitrary PHP code via a crafted URL. This vulnerability can be exploited by an attacker with access to the affected script to upload and execute a malicious PHP script.
I have released this exploit for the alsaplayer bug CVE-2007-5301. You can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/. With my modified version of vorbiscomment, you can generate an ogg exploit.
The FLABER <= 1.1 RC1 application is vulnerable to remote command execution. An attacker can overwrite an existing file with arbitrary data by using the $_POST array. This can lead to the execution of arbitrary commands on the target system.
This exploit works against LeapFTP 2.7.3.600 running on Windows 2000 SP3 Russian edition. When passive mode is enabled, LeapFTP requests the data-connection IP address and port with the PASV command; if the server's reply to this PASV request contains a long IP address, a buffer overflow occurs on the stack. By supplying more than 1057 bytes of address data, this overflow can overwrite a Structured Exception Handler on the stack with an arbitrary value. If the reply contains the bytes 0x29 or 0x2E, an exception occurs before the Structured Exception Handler is overwritten and the program continues its normal operation.