This exploit executes remote commands on a target system over the XML-RPC protocol: the attacker sends a specially crafted XML request to the target, which executes the specified command and returns its output.
RoseOnlineCMS version 3 B1 is vulnerable to Local File Inclusion (LFI). The exploit works only when the PHP magic_quotes_gpc setting is turned off (magic_quotes_gpc backslash-escapes quotes, backslashes and NUL bytes in request data, which is what typically defeats path-truncation tricks in include attacks). An attacker can exploit the vulnerability to include, and thereby execute, arbitrary local files on the server.
This program exploits an XML-RPC bug discovered by James of GulfTech Security Research. It is written specifically for Drupal, but other CMSes such as Xoops and PhpNuke may also be vulnerable. It achieves remote code execution by injecting a malicious command through the examples.getStateName method.
Exploit for BigAnt version 2.52, discovered by Lincoln. Tested on Windows XP SP2 and Windows 2003 SP2. It allows remote code execution on the target system.
This is an exploit against Mini-Stream 3.0.1.1, targeting English-language Windows XP. The code includes shellcode and a NOP sled, and has been tested against WinXP SP2 and SP3.
The Joomla component com_intuit is vulnerable to Local File Inclusion. An attacker can exploit this by supplying a crafted file path in the 'approval' parameter of the 'intuit.php' file.
This exploit targets a buffer overflow in the _xlate_ascii_write function of proftpd 1.2.7 through 1.2.9rc2 and yields remote root access. The code is dirty; cleaner exploits for this vulnerability exist. Two connection methods are provided: bind port and connect back.
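The function name _xlate_ascii_write suggests ASCII-mode translation of outgoing data, where each bare LF becomes CR LF and the output can therefore be larger than the input. The following is an added illustration of that bug class, not proftpd's code and not the exploit: it assumes the translation is LF to CRLF expansion, shows the unbounded shape beside a bounded writer that refuses to exceed the destination capacity, and uses constructed inputs. The function names and the 64-byte scratch buffers are invented for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes the translated output will occupy: every LF that is not already
 * preceded by CR gains a CR, so the output can be up to twice the input. */
size_t xlate_ascii_needed(const char *in, size_t inlen) {
    size_t n = inlen;
    for (size_t i = 0; i < inlen; i++)
        if (in[i] == '\n' && (i == 0 || in[i - 1] != '\r')) n++;
    return n;
}

/* Vulnerable shape (shown for contrast, never called here): the caller sized
 * `out` for `inlen` bytes, so each bare LF pushes the write past the end. */
void xlate_ascii_unbounded(const char *in, size_t inlen, char *out) {
    size_t o = 0;
    for (size_t i = 0; i < inlen; i++) {
        if (in[i] == '\n' && (i == 0 || in[i - 1] != '\r')) out[o++] = '\r';
        out[o++] = in[i];
    }
}

/* Bounded version: returns bytes written, or -1 when `outcap` cannot hold the
 * expanded data. The capacity check happens before every write, so a buffer
 * sized for the untranslated length becomes a refused write, not an overflow. */
int xlate_ascii_write(const char *in, size_t inlen, char *out, size_t outcap) {
    size_t o = 0;
    for (size_t i = 0; i < inlen; i++) {
        int bare_lf = (in[i] == '\n' && (i == 0 || in[i - 1] != '\r'));
        size_t need = bare_lf ? 2 : 1;
        if (outcap - o < need) return -1;
        if (bare_lf) out[o++] = '\r';
        out[o++] = in[i];
    }
    return (int)o;
}

/* Translate a NUL-terminated string into a scratch buffer limited to `outcap`
 * bytes and report what xlate_ascii_write returned (-1 or the output length). */
int xlate_ascii_try(const char *in, size_t outcap) {
    char out[64];
    if (outcap > sizeof out) return -1;
    return xlate_ascii_write(in, strlen(in), out, outcap);
}

/* 1 if translating `in` with ample room yields exactly `expected`, else 0. */
int xlate_ascii_equals(const char *in, const char *expected) {
    char out[64];
    int n = xlate_ascii_write(in, strlen(in), out, sizeof out);
    return n >= 0 && (size_t)n == strlen(expected) && memcmp(out, expected, (size_t)n) == 0;
}

int main(void) {
    /* Constructed input: 4 bytes in, 6 bytes after translation. */
    const char *in = "a\nb\n";
    printf("needed: %zu\n", xlate_ascii_needed(in, strlen(in)));
    printf("into 4 bytes: %d\n", xlate_ascii_try(in, 4));   /* refused */
    printf("into 6 bytes: %d\n", xlate_ascii_try(in, 6));   /* 6 */
    return 0;
}
```

The practitioner's check is the first one: any encoder whose output can grow (CRLF translation, escaping, base64) must size or bound the destination by the expanded length, never by the input length.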
This is a local Denial of Service (DoS) exploit for the IP-DATALOOK software. It sends a malformed ("bad") procedure to the target server, causing it to disconnect.
This is a stack overflow exploit for ReGet Deluxe version 5.2 (build 330). It allows an attacker to execute arbitrary code by triggering a stack-based buffer overflow in the software.
The driver MRXSMB.SYS performs SMB client operations and processes the responses returned by an SMB server service. A number of important Windows File Sharing operations, and all RPC-over-named-pipes traffic, use the SMB commands Trans (25h) and Trans2 (32h). A malicious SMB server can respond with specially crafted Transaction response data that causes an overflow wherever that data is handled, either in MRXSMB.SYS itself or in client code to which it passes the data. One example: the file name length field and the short file name length field in a Trans2 FIND_FIRST2 response can be given inappropriately large values, causing an excessive memcpy when the entry is processed. The defensive point is that every length field in a server response must be checked against the amount of data actually received before it is used as a copy size. In these cases an attacker could leverage file:// links that, when clicked by a remote user, lead to code execution.
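The length-field problem above, as an added example that is not part of the original page and not MRXSMB.SYS or any Windows code: a simplified, constructed directory-entry layout (next-entry offset, file name length, short name length, fixed short name field, then the file name; the real FIND_FIRST2 entries carry more fields and this is not the exact wire format) is parsed first in the unchecked shape and then with every server-supplied length validated against the bytes actually received and against the destination buffer. All function names and the sample entries are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified entry layout (NOT the real SMB wire format):
 *   4  next_entry_offset
 *   4  file_name_length
 *   1  short_name_length
 *   24 short_name
 *   .. file_name (file_name_length bytes) */
#define ENTRY_HDR_LEN 33u
#define SHORT_NAME_LEN 24u

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Vulnerable shape (shown for contrast, never called here): the client trusts
 * the length the server sent and copies that many bytes. A malicious server
 * sets it far larger than the data it actually sent, so memcpy runs off the
 * end of the receive buffer and past the destination. */
void copy_name_unchecked(const uint8_t *entry, char *out) {
    uint32_t name_len = rd32(entry + 4);
    memcpy(out, entry + ENTRY_HDR_LEN, name_len);
    out[name_len] = '\0';
}

/* Checked parser: copies the file name of the entry at `off` into `out` and
 * returns its length, or -1 if any server-supplied value is inconsistent with
 * the `buflen` bytes actually received or with the destination capacity. */
int copy_name_checked(const uint8_t *buf, size_t buflen, size_t off, char *out, size_t outcap) {
    if (off > buflen || buflen - off < ENTRY_HDR_LEN) return -1;   /* header truncated */
    const uint8_t *entry = buf + off;
    size_t remaining = buflen - off - ENTRY_HDR_LEN;              /* bytes after header */
    uint32_t next_off = rd32(entry);
    uint32_t name_len = rd32(entry + 4);
    uint8_t short_len = entry[8];
    if (short_len > SHORT_NAME_LEN) return -1;                     /* exceeds fixed field */
    if (name_len > remaining) return -1;                           /* claims more than received */
    if (outcap == 0 || name_len >= outcap) return -1;              /* no room for name + NUL */
    if (next_off != 0 && (next_off < ENTRY_HDR_LEN + name_len || next_off > buflen - off))
        return -1;                                                 /* next entry overlaps or escapes */
    memcpy(out, entry + ENTRY_HDR_LEN, name_len);
    out[name_len] = '\0';
    return (int)name_len;
}

/* Build one entry for `name` into buf; `claimed_len` lets a test lie about the
 * name length the way a malicious server would. Returns bytes written, 0 on no room. */
size_t build_entry(uint8_t *buf, size_t cap, const char *name, uint32_t claimed_len) {
    size_t n = strlen(name);
    if (cap < ENTRY_HDR_LEN + n) return 0;
    memset(buf, 0, ENTRY_HDR_LEN + n);
    wr32(buf, (uint32_t)(ENTRY_HDR_LEN + n));   /* honest next-entry offset */
    wr32(buf + 4, claimed_len);                 /* possibly dishonest name length */
    buf[8] = 0;                                 /* short name length */
    memcpy(buf + ENTRY_HDR_LEN, name, n);
    return ENTRY_HDR_LEN + n;
}

/* Build a single-entry response for `name` with the given claimed length and
 * run the checked parser over it; -2 means the test entry did not fit. */
int try_entry(const char *name, uint32_t claimed_len) {
    uint8_t buf[160];
    char out[64];
    size_t len = build_entry(buf, sizeof buf, name, claimed_len);
    if (len == 0) return -2;
    return copy_name_checked(buf, len, 0, out, sizeof out);
}

/* Honest 80-byte name: fits the received data but not the 64-byte destination. */
int try_long_name(void) {
    char name[81];
    memset(name, 'a', 80);
    name[80] = '\0';
    return try_entry(name, 80);
}

int main(void) {
    printf("honest:    %d\n", try_entry("file.txt", 8));          /* 8 */
    printf("oversized: %d\n", try_entry("file.txt", 0xFFFFFFF0u)); /* -1 */
    printf("too long:  %d\n", try_long_name());                    /* -1 */
    return 0;
}
```

The ordering matters: the header length is checked before any field is read, and both the received-byte count and the destination capacity are checked before the copy, so neither a lying server nor an undersized caller buffer reaches memcpy.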