This exploit allows an attacker to perform a blind SQL injection attack on PunBB version 1.3.* with Pun_PM v1.2.6. The vulnerability exists in the functions.php file of the Pun_PM extension, specifically in the pun_pm_edit_message() function. By sending a specially crafted request to the server, an attacker can manipulate the SQL query and extract sensitive information from the database.
This is a proof-of-concept exploit for the Sami FTP Server v2.0.1. It allows for the remote execution of the notepad.exe executable on the target system. The exploit has been tested on Windows XP SP2, Windows XP SP0, and FreeBSD 6.0-RELEASE Wine 0.9.6. The exploit uses the Net::FTP module in Perl and allows for the execution of arbitrary code on the target system.
The Media Player Classic - Home Cinema application contains a crash vulnerability. An attacker can exploit it by providing a specially crafted input file, which causes the application to crash. This can lead to a denial of service condition.
Attempts to upload a PHP script and utilize it to execute commands and show off a fake shell.
This exploit allows an attacker to remotely upload arbitrary files through the DM Filemanager (fckeditor) in version 3.9.11. The vulnerability lies in the 'config.php' file where the 'Enabled' parameter is set to true, allowing unauthorized file uploads. The exploit works on an Apache server with the mod_mime module installed.
The AIX 5L FTP server crashes when an overly long NLST command is supplied. It creates a coredump file in the current directory if that directory is writable by the logged-in user. The goal of the exploit is to get the DES-encrypted user hashes off the server. These can later be cracked with JtR. This is accomplished by populating memory with logins of the user whose encrypted hash is wanted. Logging in three times with the target username should be enough for the DES hash to be included in the 'core' file.
This exploit targets the eterm program in Ubuntu that does not have a randomized stack. It allows an attacker to escalate their privileges to root by exploiting the setuid root/utmp functionality of the program.
This exploit takes advantage of a buffer overflow vulnerability in the filename handling of ZipCentral. It uses an address from the executable file for SEH, which is reliable across different platforms. The exploit includes an egghunter shellcode and a custom decoder to execute the necessary instructions.
This exploit crashes Firefox <= 3.6.6 and Thunderbird <= 3.0.4 as well as other products that use libpng <= 1.4.2. It can be used to cause a denial of service.
This exploit allows an attacker to upload files remotely to the EZ-Oscommerce 3.1 website. The vulnerability exists in the file_manager.php/login.php component of the application. By exploiting this vulnerability, an attacker can upload malicious files to the target website.