When the logging option is enabled, freeFTPd copies the username and password supplied by the user into memory before writing them to a log file. If the attacker's username is too big for the buffer, it overwrites the SEH handler and the stack itself, causing an access violation and making code execution possible.
Will download a trojan from any address which you provide on the target system, then will execute the trojan. For this exploit I have tried several strategies to increase reliability and performance:
+ Jump to a static 'call esp'
+ Backwards jump to code a known distance from the stack pointer since the stack address seems to change for each version of eznet.
+ Works out the byte difference for custom urls (must be no longer than 254 bytes!!)
+ Causes eznet.exe to restart (not really my choice ;o)
+ Shellcode steals addresses from a static module.
The Operator Shell (Osh) is a setuid-root, security-enhanced, restricted shell. It allows the administrator to carefully limit access to special commands and files to the users whose duties require their use, while automatically maintaining audit records. The configuration file for Osh contains an administrator-defined access profile for each authorized user or group. The exploit takes advantage of a bug in the code that handles substitution of environment variables. By appending to the return value of the getenv() function, an attacker can overwrite one of the environment variables passed to the child process.
This is a remote exploit for the MS03-049 vulnerability in the NetAddAlternateComputerName function in netapi32.dll in Microsoft Windows NT and Windows 2000 through Windows XP SP1, which allows remote attackers to gain privileges via a crafted argument in an RPC call.
This module exploits an arbitrary command execution vulnerability in Wzdftpd through the SITE command. Wzdftpd versions up to 0.5.4 are vulnerable.
The Ticimax E-Ticaret application is vulnerable to SQL Injection in the Kategori.asp and urun_detay.asp pages. An attacker can exploit this vulnerability by injecting malicious SQL queries in the 'id' parameter of the URLs.
Inject script asp to tell the script to take them infected ..
The Joomla component com_jsjobs is vulnerable to SQL Injection. The vulnerability exists in the view.html.php file in the 'categories' section. The code on line 53 does not properly sanitize user input, allowing an attacker to inject malicious SQL queries. This can lead to unauthorized access to sensitive information stored in the server's database.
The Persian E107 script is vulnerable to XSS. An attacker can exploit this vulnerability by registering on the website and then going to the usersettings.php page. They can then edit their signature and insert malicious code, such as a script that redirects users to a different website. This can be used to steal cookies or perform other malicious actions.
The vulnerability allows an attacker to perform SQL injection attacks on the webiz.gr website.