This script sets up a fake SMTP server which allows an attacker to exploit a buffer overflow vulnerability. The script contains an egghunter and a bind shell payload.
This is a remote root exploit for Ethereal (0.10.0 to 0.10.10) SIP Dissector. It adds a user named 'su' with password 'su' on the victim host.
Execution of a particular program from the Arachne suite reliably causes a kernel panic due to a NULL-pointer dereference in nfs4_proc_lock().
This proof of concept code demonstrates an integer overflow vulnerability in the Cisco VPN Client. If a maliciously crafted file containing malformed characters is read by the application, it will crash. This vulnerability has been tested on various Windows operating systems and different versions of the Cisco VPN Client.
Xlpd is an LPD (Line Printer Daemon) application for MS Windows platforms. When using Xlpd, your local PC with a printer becomes a print server on which print jobs requested by various remote systems in a networked environment are processed. Xlpd helps you print remote files locally without manually downloading them to your local computer. When you are connected to a remote UNIX/Linux system with the Xmanager or Xshell program and want to print some data from the remote system, just enter the print command at the terminal prompt.
This exploit allows a local user on the server to read other people's emails. The exploit code includes padding with NOPs and uses the Aleph1 shellcode for executing a shell. The exploit requires a local user account on the server.
The exploit takes advantage of the vulnerable googleapps.url.mailto:// URI handler in Internet Explorer. By injecting the '--domain=' switch for the googleapps.exe executable, arbitrary switches can be passed to the Google Chrome chrome.exe executable, allowing the execution of arbitrary commands or batch files from the local system or a remote network share.
A user-supplied value for the Hostsize field results in an integer overflow; passing an overlong string to the HostList field then causes a complete stack smash, allowing an attacker to execute arbitrary code. All modules in memory are compiled with /SAFESEH=on, but it is still possible to execute arbitrary code by passing a certain trusted handler from kernel32.dll. Other attacks are possible through the ProtoSize or ServerSize fields.
This exploit targets the Ada Image Server v0.6.6 and allows for an SEH overwrite. It was discovered and exploited by Blake and has been tested on XP SP1. The vulnerability allows an attacker to send a payload to the server, which results in a bind TCP shell being established.
This exploit opens a backdoor on port 4444 with nobody access. It targets the apage.cgi script in WebAPP CGI that is vulnerable to command injection. The exploit downloads a malicious file from a remote server and executes it on the target system.