The vulnerability is caused by the lack of proper sanitization of the variable $_SERVER["DOCUMENT_ROOT"] in multiple PHP files. An attacker can exploit this vulnerability by injecting a malicious file path in the DOCUMENT_ROOT parameter to execute arbitrary remote files.
With this exploit we can alter admins' info such as email, password and some permissions. NOTE: the password must be more than 5 characters.
This exploit targets the HP NNM ovalarm.exe CGI and allows for a remote buffer overflow. It has been tested on XP SP3 + IIS + NNM Release B.07.50.
This application is affected by many SQL injection security flaws. In order to exploit them, Magic Quotes GPC (php.ini) must be Off. The vulnerable files include functions.php and searchend.php. In functions.php, there is an authentication bypass vulnerability that allows a guest to bypass the authentication process. In searchend.php, there are multiple SQL injection vulnerabilities that allow a guest to view reserved information stored in the database.
This is a remote format string exploit for GNU mailutils-0.5 - mailutils-0.6.90. It was written and tested on FC3.
This exploit takes advantage of a buffer overflow vulnerability in Xenorate 2.50(.xpl) to execute arbitrary code. It utilizes a short jump instruction to bypass the next structured exception handler (SEH) and overwrite the SEH with a return address in the bass.dll library. The exploit then injects shellcode to execute the Windows calculator application. This exploit has been tested on Windows XP SP2.
This exploit targets the Audio Workstation v6.4.2.4.0 software. It leverages a buffer overflow vulnerability in the .pls file format to execute arbitrary code on the targeted system. The exploit has been tested on Windows XP SP3.
The vulnerability exists in AlefMentor 2.0, where an attacker can inject SQL queries through the 'cont_id' parameter in the 'cource.php' file. This can lead to unauthorized access or manipulation of the database.
This is a 0day exploit for a buffer overflow vulnerability in gAlan.
The exploit is a proof of concept for a remote memory corruption vulnerability in Polipo version 1.0.4. The vulnerability is caused by a flaw in the client.c file of Polipo, where a memmove function call does not properly handle the reqlen and reqbegin variables. This can lead to a segmentation fault and potential remote code execution.