This script demonstrates a buffer overflow vulnerability in Perl. The script takes a target IP as input and creates a buffer with a length of 4100 bytes. It also creates a longer buffer with a length of 1999999 bytes. The script then attempts to exploit the buffer overflow by overwriting the return address with a specific value. The shellcode is also included in the script to execute arbitrary code.
There is no check of user rights when uploading a file, and the file type is checked via the HTTP Content-Type header, which can differ from the file's real type. The exploit creates a micro.php shell on the target site.
If you flood the telnet configuration a couple dozen times with long strings, eventually the telnetd service flat out dies. Routing functions of the NetDSL continue to work fine as before. It is unknown whether only the telnetd service is affected; other means of remote configuration may have become unavailable as well.
This exploit allows an attacker to include remote files in the MailForm software. The vulnerability exists in the 'index.php' file, specifically in the 'theme' parameter. By manipulating this parameter, an attacker can execute arbitrary code from a remote location.
The PHP-Nuke-8.1-seo-Arabic script is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a malicious file through the 'newlang' parameter in 'mainfile.php' or the 'ThemeSel' parameter in 'index.php'.
A crash due to an invalid read in the Windows kernel can be reliably leveraged into privileged code execution, resulting in a local privilege escalation vulnerability. This happens because special values of 'hParent' were not sufficiently taken into account when patching 'xxxCreateWindowsEx' on MS010-032.
This is a proof of concept for the MS10-054 vulnerability. It is a remote code execution vulnerability in Microsoft Windows SMB Client. An attacker could exploit this vulnerability by convincing a user to connect to a malicious SMB server or by tricking a user into clicking on a specially crafted link. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with the privileges of the user.
This program sends corrupt client certificates to the SSL server, which will 1) crash it, 2) create lots of error messages, and/or 3) result in other "interesting" behavior.
CSRF exploit for wizmall 6.4 UTF-8 for PHP that allows changing the admin ID and password.
This exploit allows an attacker to perform SQL injection on the statistics.php file in PHPKick v0.8. It works regardless of the PHP security settings, including magic_quotes and register_globals. This exploit is for educational purposes only and should not be used without permission. The exploit was found by garwga (ICQ#:453-144-667).