This is proof-of-concept code for the MS06-040 vulnerability, which allows remote code execution. It was tested against Windows XP SP1 and Windows 2000 SP4. The affected systems include Microsoft Windows 2000 SP0-SP4, Microsoft Windows XP SP0-SP1, and Microsoft Windows NT 4.0.
Vignette is prone to an issue which may expose the contents of memory to remote attackers. This condition is due to a flaw in how StoryServer calculates the size of certain characters in URI variables, which may cause data from adjacent memory to be returned to the remote attacker in the response.
A format string vulnerability has been reported for Magic Winmail Server when processing the USER POP3 command. An attacker may exploit this vulnerability by connecting to the vulnerable mail server and issuing the USER command with malicious format string specifiers. This may result in the corruption of sensitive memory.
The vulnerability in Snowblind causes the web server to crash when processing a malformed HTTP request.
A remote attacker can inject SQL into queries made by the register.asp script, potentially resulting in disclosure of sensitive information or modification of data. This vulnerability may also be leveraged to exploit vulnerabilities in the underlying database.
MySQL has been reported to implement a weak password encryption algorithm. The MySQL function used to encrypt MySQL passwords reportedly makes just one pass over the password and employs a weak left-shift-based cipher. The hash may be cracked in little time using a brute-force method. An attacker may use information recovered in this way to aid in further attacks launched against the underlying system.
Microsoft IIS is prone to an issue where the existence of users may be revealed to remote attackers. The vulnerability exists when users attempt to authenticate against a vulnerable system. IIS will generate an error page if authentication fails. Different messages are generated depending on whether the user exists or not.
A boundary condition error has been reported in the rexec program included with some versions of HP-UX. This vulnerability can be exploited by a local user to gain elevated privileges on the system.
This exploit allows for PHP code execution in Invision Power Board versions up to 3.3.4. It bypasses the patch that sanitizes the unserialize function by using a specific payload. This vulnerability can be exploited by an attacker to execute arbitrary code on the target system.
This exploit allows an attacker to execute remote commands on a target server running Phaos version 0.9.2. The vulnerability lies in the basename() function.