This is a proof-of-concept exploit for a buffer overflow vulnerability in DivX Plus Web Player version 2.1.2.265 and earlier. The bug is triggered when a maliciously crafted file:// URL is passed to the vulnerable application. This can lead to arbitrary code execution.
This exploits CVE-2011-1485, a race condition in PolicyKit. The exploit uses inotify to learn exactly when /proc/PID is being stat(2)'d and then execl()s the setuid binary as the very next instruction.
Array overflow during the handling of GWB (GenStat book) files, with the possibility of placing a NULL word at an arbitrary memory location. The vulnerability is exploitable only if the user opens a malicious GWB file.
Buffer overflow during the copying of strings into a 256-byte stack buffer. There is also an integer overflow in the handling of rows: the number of rows (the first element of the second line in the file) is multiplied by the element size (8 for floats, 4 for strings, and so on), and the allocated memory is overflowed when the elements are copied. There is also a buffer overflow in the CYB USE command.
The application suffers from a heap overflow vulnerability because it fails to properly sanitize user-supplied input when parsing the .ashprj project file format, resulting in a crash that corrupts heap memory. An attacker can use this to lure unsuspecting users into opening maliciously crafted .ashprj files, with the potential for arbitrary code execution on the affected system.
CF Image Hosting Script 1.3.82 suffers from a file disclosure vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server, which will disclose the contents of arbitrary files on the server.
Easy Hosting Control Panel (EHC) is designed for hosting multiple domains on a single machine. It uses LAMP (Linux, Apache, MySQL, PHP) and aims to be easily installable, easy to use, non-complex and functional. Adding an FTP account and domain does not require a login. An attacker can exploit this vulnerability by uploading a shell via FTP to http://site.com/vhosts/[username]/[domain]/httpdocs/shell.php
Multiple SQL Injection, Cross-Site Scripting (XSS) and Information Disclosure vulnerabilities were identified within Concrete5 version 5.4.2.1. Only a select few are outlined in this disclosure; many other vulnerabilities were discovered, but due to time constraints only a small sample is described below.
This exploit uses the addUrl method of the DeploymentScanner module to exploit a misconfigured JBoss JMX Console. It requires the user to edit $url_cmd to match the WAR payload URL and $url_shell to their reverse-shell URL. The JSP shell is not the author's and is available everywhere. The author also added a -b parameter that builds the WAR container, which requires Java.
This module exploits an SQL injection flaw in CA Total Defense Suite R12. By supplying a specially crafted SOAP request to '/UNCWS/Management.asmx', an attacker can abuse the reGenerateReports stored procedure by injecting arbitrary SQL statements into the ReportIDs element.