This exploit adds a new admin user by taking advantage of a stack overrun vulnerability and the ability to create trigger files in MySQL. The attacker needs to have 'file' privileges for the target system and be able to create files owned by the 'mysql' user. By creating a trigger file with the attached user set as 'root@localhost', the exploit is able to execute commands with admin privileges. The exploit involves crashing the MySQL server to force it to recognize the trigger file and then creating a new user with all privileges enabled.
Monop, included in bsd-games, is prone to a locally exploitable buffer overrun vulnerability. This vulnerability is due to insufficient bounds checking of player names. Monop is typically installed setgid games, so it is possible to exploit this issue to execute arbitrary code with these privileges.
The srcpd commands in srcpd version 2.0 and earlier are vulnerable to stack-based buffer overflow attacks. This vulnerability allows an attacker to run arbitrary code on a vulnerable host by exploiting the lack of boundary checking in the affected functions.
The vulnerability allows a local attacker to gain unauthorized access to potentially sensitive information by exploiting the dlopen() function in the PHP source when used with the Apache web server. The attacker can dump the process's memory into /tmp, where it can be read and searched for sensitive data.
This module checks the AlwaysInstallElevated registry keys, which dictate whether .MSI files should be installed with elevated privileges (NT AUTHORITY\SYSTEM). The default MSI file is data/exploits/exec_payload.msi, with the WiX source file under external/source/exploits/exec_payload_msi/exec_payload.wxs. This MSI simply executes payload.exe from the same folder. The MSI may not execute successfully on successive runs, but regenerating the MSI may get around this. The MSI can be rebuilt from the source using the WiX tools with the following commands:
candle exec_payload.wxs
light exec_payload.wixobj
Helper applications that are shipped with IPNetSentryX and IPNetMonitorX can be harnessed by a local attacker to provide for unauthorized network reconnaissance. The attacker can run the RunTCPDump utility with specific parameters to capture network traffic and gather sensitive information.
The pHNews script is vulnerable to remote code execution due to insufficient input validation. An attacker can exploit this vulnerability by manipulating the 'templates_dir' parameter to execute arbitrary code on the target server. This exploit works when register_globals is set to On and magic quotes are turned off. The attacker can specify a command to be executed on the target server.
This module exploits a buffer overflow in Apple QuickTime 7.7.2. The stack based overflow occurs when processing a malformed Content-Type header. The module has been tested successfully on Safari 5.1.7 and 5.0.7 on Windows XP SP3.
By modifying system configuration values that control the TCP window size, an attacker may connect to and trigger a denial of service in an appliance that is running a vulnerable version of ScreenOS.
The Half-Life Client is prone to a remotely exploitable buffer overflow vulnerability. The issue occurs in the client connection routine, used by the client to negotiate a connection to the Half-Life game server. Due to a lack of sufficient bounds checking, a malicious server may execute arbitrary code on an affected client.