This exploit takes advantage of a buffer overflow vulnerability in VUPlayer version 2.49 and earlier. The exploit allows an attacker to execute arbitrary code with the permissions of the user running the vulnerable software. The exploit includes a shellcode payload that opens the Windows calculator application (calc.exe).
The exploit allows remote upload of files through a greeting card website. After registering on the website and uploading shells, the uploaded files can be accessed at http://[site]//cards/id_thumb_evil.php. An example demo URL is http://server/cards/1275663706_thumb_oujda.php.
The Joomla component com_searchlog is vulnerable to SQL Injection. The vulnerability is located in the 'log.php' file at line 30. An attacker can exploit this vulnerability by manipulating the 'search' parameter in a POST request. By injecting malicious SQL code, an attacker can manipulate the database and potentially gain unauthorized access or retrieve sensitive information.
The Joomla component com_djartgallery has multiple vulnerabilities including Cross Site Scripting (XSS) and Blind SQL Injection. The XSS vulnerability can be exploited by injecting code into the 'id' parameter in the editimage function. The Blind SQL Injection vulnerability can be exploited by injecting code into the 'cid' parameter in the editItem function. Both vulnerabilities allow an attacker to execute arbitrary code or extract information from the database.
This is a proof-of-concept exploit for a SQL injection vulnerability in phpBB versions <= 2.06. By manipulating the search_id parameter, an attacker can execute arbitrary SQL statements. The exploit retrieves the MD5 hash for a user with a specific user_id.
This exploit allows remote code execution in Mozilla Firefox version 1.04 and below. It takes advantage of a vulnerability in the InstallVersion->compareTo function.
This module exploits a SQL injection flaw in the Lyris ListManager software for Microsoft SQL Server. This flaw allows for arbitrary commands to be executed with administrative privileges by calling the xp_cmdshell stored procedure. Additionally, a window of opportunity is opened during the ListManager for MSDE install process; the 'sa' account is set to the password 'lminstall' for a 5-10 minute period. After the installer finishes, the password is permanently set to 'lyris' followed by the process ID of the installer (a 1-5 digit number).
This exploit allows an attacker to bypass the login functionality in Website Baker version 2.6.0 and execute remote commands. It works when magic_quotes_gpc is turned off. The attacker needs to launch the exploit from Apache, fill in the requested fields, and then execute the commands.
This exploit targets eZ versions 3.3 to 3.5. It exploits a vulnerability in the Cryptso.dll file, which contains a 'static' jmp esp instruction. The exploit jumps to esp and then jumps backward to reach the shellcode. The shellcode provides a reverse remote shell and is made universal using the PEB technique.
This exploit allows an attacker to perform blind SQL injection and execute remote commands on a Zen-Cart <= 1.2.6d website. It works regardless of whether magic_quotes_gpc is enabled or not.