A SQL injection vulnerability in phpMyChat Plus 1.93 can be exploited to extract arbitrary data. A local file inclusion vulnerability in phpMyChat Plus 1.93 can be exploited to include arbitrary files.
This exploit allows an attacker to disclose local files by exploiting the DynMedia Pro Web CMS 4.0 software. By manipulating the 'dwnfile' parameter in the 'downloadfile.php' script, an attacker can retrieve sensitive information from the server.
A directory traversal vulnerability in jHTTPd 0.1a can be exploited to read files outside of the web root.
The SQL injection vulnerability exists in the 'index.php' script of SyndeoCMS, allowing the execution of arbitrary JavaScript code. The XSS vulnerability exists in the '/starnet/addons/scroll_page' script, allowing the execution of arbitrary JavaScript code.
This module exploits a previously unpublished vulnerability in the Dogfood CRM mail function which is vulnerable to command injection in the spell check feature. Because of character restrictions, this exploit works best with the double-reverse telnet payload. This vulnerability was discovered by LSO and affects v2.0.10.
This module exploits a stack buffer overflow in the yaSSL (1.9.8 and earlier) implementation bundled with MySQL. By sending a specially crafted client certificate, an attacker can execute arbitrary code. This vulnerability is present within the CertDecoder::GetName function inside "taocrypt/src/asn.cpp". However, the stack buffer that is written to exists within a parent function's stack frame. NOTE: This vulnerability requires a non-default configuration. First, the attacker must be able to pass the host-based authentication. Next, the server must be configured to listen on an accessible network interface. Lastly, the server must have been manually configured to use SSL. The binary from version 5.5.0-m2 was built with /GS and /SafeSEH. During testing on Windows XP SP3, these protections successfully prevented exploitation. Testing was also done with MySQL on Ubuntu 9.04. Although the vulnerable code is present, both version 5.5.0-m2 built from source and version 5.0.75 from a binary package were not exploitable due to the use of the compiler's FORTIFY feature. Although suse11 was mentioned in the original blog post, the binary package they provide does not contain yaSSL or support SSL.
This module exploits a stack buffer overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed (default), a CGI script is provided to accept html FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When X-FromCheck is enabled (also default), the temporary form2raw.cgi data is copied by MDaemon.exe and a stack based overflow occurs when an excessively long From field is specified. The RawQueue is processed every 1 minute by default, to a maximum of 60 minutes. Keep this in mind when choosing payloads or setting WfsDelay... You'll need to wait. Furthermore, this exploit uses a direct memory jump into a nopsled (which isn't very reliable). Once the payload is written into the Raw Queue by Form2Raw, MDaemon will continue to crash/execute the payload until the CGI output is manually deleted from the queue in C:\MDaemon\RawFiles\*.raw.
This module exploits a stack buffer overflow in the MaxDB WebDBM service. This service is included with many recent versions of the MaxDB and SAPDB products. This particular module is capable of exploiting Windows systems through the use of an SEH frame overwrite. The offset to the SEH frame may change depending on where MaxDB has been installed; this module assumes a web root path with the same length as: C:\Program Files\sdb\programs\web\Documents
This module exploits a stack buffer overflow in EFS Software Easy Chat Server. By sending an overly long authentication request, an attacker may be able to execute arbitrary code. The offset to SEH is influenced by the installation path of the program. The path, which defaults to "C:\Program Files\Easy Chat Server", is concatenated with "\users\" and the string passed as the username HTTP parameter.
This module exploits a directory traversal vulnerability which allows remote attackers to upload and execute arbitrary code.