This exploit targets a buffer overflow vulnerability in Savant, a web server. The vulnerability allows an attacker to execute arbitrary code on a vulnerable system. The exploit is written in Perl and was tested on Windows 2000 SP4 and Windows XP SP1. It connects to a remote IP address and port specified as command-line arguments, then builds and sends a payload that triggers the buffer overflow and executes the shellcode.
ZKSoftware is a biometric attendance management system that allows remote IP-based management of the hardware via the UDP protocol without proper authentication. This vulnerability allows an attacker to send custom commands and download information from the system. The Etimetrack software used to manage the hardware has a hard-coded encryption key, making it susceptible to exploitation.
The OpenBSD 3.4 exec.c file is vulnerable to remote code execution. An attacker can exploit this vulnerability to execute arbitrary code on the target system. The vulnerability is caused by a lack of input validation in the exec.c file. A remote attacker can send a specially crafted request to the target system, which will trigger a buffer overflow and allow the attacker to execute arbitrary code with the privileges of the user running the affected application. This vulnerability has a CVSS score of 9.8 (Critical).
This is a proof-of-concept exploit for a stack buffer overflow vulnerability in ZippHo 3.0.6. The exploit takes advantage of a flaw in the handling of .zip files, allowing an attacker to overflow a buffer and potentially execute arbitrary code.
This exploit takes advantage of a buffer overflow vulnerability in MediaCoder's handling of .lst files. By supplying a specially crafted .lst file, an attacker can overflow a buffer and execute arbitrary code on the target system. This can lead to remote code execution or privilege escalation. The exploit uses a payload that connects back to the attacker's IP address on port 4444. The vulnerability affects MediaCoder version 0.7.3 build 4612 PSP edition.
The Adobe PDF LibTiff Integer Overflow Code Execution vulnerability allows remote attackers to execute arbitrary code via a crafted TIFF image in a PDF document.
EGroupware is prone to a remote command execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and possibly the computer running EGroupware.
The Joomla com_bidding component is vulnerable to SQL injection. By manipulating the 'id' parameter in the URL, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database. The vulnerability can be exploited by appending a UNION ALL SELECT statement to the URL, allowing the attacker to extract data from the 'jos_users' table.
ZipTorrent 1.3.7.3 stores proxy server information and the proxy password in plain text, allowing a local user to read passwords and other information.
ItSecTeam has discovered a blind SQL injection vulnerability in PHP Classifieds version 7.5. The vulnerability allows an attacker to inject SQL code through the 'bid' parameter in the 'ad_click.php' file. The vulnerable code fails to properly sanitize user input, allowing the attacker to execute arbitrary SQL queries on the database.