This exploit is a proof of concept for a denial of service vulnerability in ISC BIND 9. It sends a specially crafted packet to the target, which causes the server to crash.
If an NMI returns via espfix64 and is interrupted during espfix64 setup by another NMI, the return state is corrupt. This is exploitable for reliable privilege escalation on any Linux x86_64 system in which untrusted code can arrange for espfix64 to be invoked and for NMIs to be nested.
This PoC sends a 'version' query to see if the server is up and then sends the DoS packet. It supports IPv4 and IPv6 and runs on Linux, Mac, and Windows (cygwin or VisualStudio). The vulnerability is related to the 'TSIG' feature which allows packets to be signed with a password. When processing a TKEY packet, the code will call a function to fetch the proper TKEY record. It looks in two places: the 'answer records' section, and the 'additional records' section. If it can't find it in the 'additional', it looks in 'answer'. The lookup function takes a parameter that is initially set to NULL. During the failed lookup in the 'additional' section, it may set that parameter to a non-null value. Since a non-null value is passed in again during the second lookup in the 'answer' section, the code crashes.
NETGEAR ReadyNAS LAN /dbbroker Credential Stealing is a vulnerability that allows an attacker to steal credentials from a NETGEAR ReadyNAS LAN device. The exploit uses scapy to sniff the network traffic and extract the credentials from the POST request sent to the dbbroker. The credentials are then decoded from base64 and printed to the screen.
A buffer overflow vulnerability exists in Acunetix Web Vulnerability Scanner 9.5 when a maliciously crafted input is sent to the application. This can be exploited to cause a stack-based buffer overflow by sending an overly long string to the application when it is processing user-supplied input. This can result in arbitrary code execution.
A PoC exploit for the T-Mobile Internet Manager memory corruption vulnerability. The exploit involves copying the content of CRASH.TXT, opening the 'create new contact' dialog, and pasting it into the Name field.
KMPlayer 3.9.x is vulnerable to a buffer overflow when a specially crafted .srt subtitle file is loaded. This can be exploited to cause a denial of service or potentially execute arbitrary code.
This PoC embeds an exploit into an uncompressed map file (.h3m) for Heroes of Might and Magic III. Once the map is started in-game, a buffer overflow occurring when loading object sprite names leads to shellcode execution. Only basic arbitrary code execution is covered in this PoC, but it is possible to craft an exploit that lets the game continue normally after the shellcode has been executed. Using extensive knowledge of the .h3m format, it is even possible to create a map file that loads like normal in the game's map editor (which lacks the vulnerability) but stealthily executes shellcode when opened in-game.
A stored and a reflected XSS vulnerability in the profile area of Tendoo CMS make the CMS vulnerable and can be used for stealing admin cookies and ...
A Blind SQL Injection vulnerability exists in JoomShopping, which allows an attacker to execute arbitrary SQL commands on the underlying database. This vulnerability is due to the lack of proper input validation in the 'id' parameter of the 'settings.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious 'id' parameter value. This can allow the attacker to execute arbitrary SQL commands on the underlying database, resulting in the manipulation of data, disclosure of sensitive information, and other malicious activities.