This exploit allows an attacker to reset the admin password in versatileBulletinBoard 1.00 RC2. The vulnerability can be found at http://rgod.altervista.org/versatile100RC2.html. The exploit works regardless of the magic_quotes setting.
The SoftBizScripts Dating Script is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries into the 'browse' parameter of the search_results.php page. This allows the attacker to retrieve sensitive information from the database.
This exploit targets a heap overflow vulnerability in the RegisterCom() function of the AntCore.dll library in Bigant Messenger version 2.52 and earlier. The vulnerability allows an attacker to remotely execute arbitrary code on a vulnerable system. The exploit takes advantage of this vulnerability to create a custom HTTP response that triggers the overflow and executes the attacker's code. This exploit has been tested on Windows XP SP3 with Internet Explorer 6 and 7.
This exploit allows an attacker to escalate privileges in avast! 4.7 by manipulating aavmker4.sys driver. The vulnerability has been assigned CVE-2008-1625. The exploit has been tested on Windows XP SP2 and SP3 with DEP turned on. The exploit was created by Matteo Memelli and can be found at offensive-security.com.
This exploit takes advantage of a local buffer overflow vulnerability in IDEAL Migration 2009 v4.5.1. By right clicking the first element in the tree and opening a migration project, an attacker can execute arbitrary code and gain a bind shell on the target system. The exploit code is a shell_bind_tcp payload with a length of 696 bytes. It uses the x86/alpha_mixed encoder and sets the EXITFUNC to seh and LPORT to 4444.
This is a local buffer overflow exploit for IDEAL Administration 2010 v10.2. The exploit allows an attacker to execute arbitrary code on the target system by sending a specially crafted payload. The exploit has been found by Dr_IDE and is triggered by opening a migration project and binding a shell. The exploit has been tested on Windows XP SP3.
This exploit targets IA WebMail version 3.x using the iaregdll.dll version 1.0.0.5. It uses a specific shellcode for downloading files from a URL and creating a file on the victim's machine. The shellcode is included in the exploit and can be modified to use different URLs and filenames. The exploit has been tested on Windows XP Home SP1 and Windows 2000 Pro SP4. It steals addresses from the iaregdll.dll module import tables, making it work on most servers without alteration. However, it may not work if the server is running a firewall that prevents the urldownloader from spawning a shell. This exploit is for proof-of-concept purposes only.
The Advanced Poll script has an authentication bypass vulnerability in both the admin login and user login. It can be exploited by using the payload ' or 1=1 or ''=' in both the login and password fields. Additionally, an XSS vulnerability is also found in the search field.
This module exploits a stack overflow in WM Downloader version 3.0.0.9. By creating a specially crafted .pls file, an attacker may be able to execute arbitrary code.
This is a proof-of-concept exploit for a stack buffer overflow vulnerability in Easyzip 2000 v3.5. The exploit allows for code execution with an ASCII lowercase and payload space of less than 400 bytes.
Services By CQR
