This exploit is for HP Data Protector 6.11. It is a remote buffer overflow exploit which was tested on Windows 2003 R2 with DEP enabled. It uses a bindshell payload to open port 4444 on the target machine. The payload size is 355 bytes.
This module exploits a buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted opcode 27 packet, a remote attacker may be able to execute arbitrary code.
Ollance Member Login is a PHP membership management system. Attackers can use an authentication bypass to get into the site's admin panel. There is also a persistent cross-site scripting vulnerability in the add member page of the Ollance Member Login Script.
Due to insufficient input validation in certain functions of WordPress, it is possible for a user with the 'Editor' role to inject arbitrary SQL commands. By exploiting this vulnerability, an attacker gains access to all records stored in the database with the privileges of the WordPress database user. Proof of concept:
1) The get_terms() filter declared in the wp-includes/taxonomy.php file does not properly validate user input, allowing an attacker with 'Editor' privileges to inject arbitrary SQL commands in the 'orderby' and 'order' parameters passed as array members to the vulnerable filter, for example when sorting link categories.
2) The get_pages() filter declared in the wp-includes/post.php file does not properly validate user input, allowing an attacker with 'Editor' privileges to inject arbitrary SQL commands in the 'sort_column' and 'sort_order' parameters passed as array members to the vulnerable filter, for example when sorting pages.
3) The get_users() filter declared in the wp-includes/user.php file does not properly validate user input, allowing an attacker with 'Editor' privileges to inject arbitrary SQL commands in the 'orderby' and 'order' parameters passed as array members to the vulnerable filter, for example when sorting users.
A SQL injection vulnerability exists in the Joomla component, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is triggered when the application processes user-supplied input without proper validation. An attacker can leverage this vulnerability to gain unauthorized access to sensitive information stored in the database.
A buffer overflow vulnerability exists in Rhythmbox, which is a music player for GNOME. The vulnerability is triggered when a specially crafted .m3u file is opened, resulting in a crash of the application. This vulnerability affects all versions of Rhythmbox prior to 3.4.2.
For the last two days I have been investigating a vulnerability in OpenSSH affecting at least FreeBSD 4.9 and 4.11. These FreeBSD versions run OpenSSH 3.5p1 in the default install. A working remote exploit which spawns a root shell remotely and prior to authentication was developed. The bug can be triggered both through SSH version 1 and SSH version 2 using a modified ssh client. During the investigation of the vulnerability it was found that the bug resides in the source code file 'auth2-pam-freebsd.c'. By supplying a long username to the daemon, sshd crashes.
The vulnerability is triggered when a specially crafted request is sent to port 5555 of a host running the "data protector inet" service, part of HP Data Protector.
This script acts as a Kaillera server in order to exploit various Kaillera clients. Kaillera facilitates playing emulator games over a network. The Kaillera protocol is built on top of UDP and is mostly documented here. Kaillera clients implement this protocol, and many of them have serious vulnerabilities in their code. This server is capable of exploiting buffer overflows in the following clients. The exploit was tested against Windows 7 and XP machines and gets around ASLR (the affected modules are not built with it).
Steam is vulnerable to an elevation of privilege vulnerability which can be used by an ordinary user, who can replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full Control) granted to the 'Users' group, on the binary files Steam.exe, GameOverlayUI.exe and steamerrorreporter.exe. The binary (Steam.exe) is set by default to run at startup with the '-silent' parameter.