This module exploits a remote buffer overflow in HP Intelligent Management Center UAM. The vulnerability exists in the uam.exe component, which uses sprintf in an insecure way for logging purposes. The vulnerability can be triggered by sending a malformed packet to the 1811/UDP port. The module has been successfully tested on HP iMC 5.0 E0101 and UAM 5.0 E0102 over Windows Server 2003 SP2 (DEP bypass).
This exploit is a proof-of-concept for a remote crash vulnerability in hMailServer 5.3.3. By sending a specially crafted packet to the IMAP service, an attacker can cause the service to become inaccessible. This vulnerability has been tested on hMailServer 5.3.3 with default settings and has been found to reliably crash the IMAP service on Windows XP SP2 and Windows Server 2003 R2 SP2. It can also cause all services (SMTP, IMAP, and POP) to become inaccessible on Windows Server 2008 R2 SP1, although this is less reliable. To perform additional fuzzing, it is recommended to disable the 'Auto-ban' feature in the hMailServer Admin console.
This vulnerability allows remote attackers to cause a denial of service (DoS) condition by sending a crafted request to the Arctic Torrent application. The vulnerability is caused by a memory corruption issue and can lead to a crash in the application.
When the script is installed for the first time, it generates log files. If we browse, for example, to http://127.0.0.1/akcms4.2.4/logs/ we see two log files:
1- the config log, e.g. 20120910.log
2- the failed-login log, e.g. admin20120910.log
The first file is named after the date the script was installed. If we enter the folder and index permission is on, we can read it, or we can brute-force the file name with a program found on Google or with a simple script of your own.
# P.O.C :
http://127.0.0.1/akcms4.2.4/logs/20120910.log
You will see the configuration information, for example:
16:57:56 127.0.0.1 file=install
$dbtype = 'mysql';
$dbhost = 'localhost';
$dbuser = 'root';
$dbpw = '000000';
$dbname = 'ak';
$tablepre = 'ak';
$charset = 'utf8';
$timedifference = '0';
$template_path = 'ak';
$codekey = 'snGrZU';
$cookiepre = '9x5G74';
Barracuda Spam Firewall versions 3.3.01.001 to 3.3.03.053 are affected by an arbitrary file disclosure and command execution vulnerability. An attacker can exploit this vulnerability to disclose sensitive information and execute arbitrary commands on the affected device.
The 'tradecli.dll' component in 1C: Arcadia Internet Store allows remote attackers to disclose sensitive information by specifying an arbitrary file on the same drive as the webserver through a traversal attack.
This exploit allows local users to escalate their privileges in ActFax 4.31. It was discovered by Craig Freyman and published on his blog in August 2012. The exploit uses a payload to execute the cmd.exe command on the target system. The author provides a link to the detailed description of the exploit.
A blind SQL injection vulnerability was detected in OpStor v7.4, Storage Area Network Monitoring. The vulnerability allows a remote attacker or a local low-privileged user account to execute SQL commands on the affected application DBMS. The vulnerability is located in the raidMaps.do file, in the bound vulnerable name parameter. Successful exploitation of the vulnerability results in DBMS and application compromise. Exploitation requires no user interaction and no privileged user account.
LoudBlog version 0.5 and below is vulnerable to SQL injection, which allows an attacker to disclose admin credentials.
This exploit takes advantage of a local buffer overflow vulnerability in Photodex ProShow Producer v5.0.3256. The vulnerability allows an attacker to execute arbitrary code by overflowing a buffer with a specially crafted payload. The exploit includes an egghunter and shellcode for a windows/shell_reverse_tcp payload.