This module exploits a stack buffer overflow in MJM Core Player 2011. When opening a malicious s3m file in this application, a stack buffer overflow can be triggered, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7.
This module exploits a stack buffer overflow in MJM QuickPlayer 1.00 beta 60a and QuickPlayer 2010 (Multi-target exploit). When opening a malicious s3m file in one of these 2 applications, a stack buffer overflow can be triggered, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7.
An attacker can exploit a SQL injection vulnerability in SOOP Portal Raven 1.0b by registering on the target and browsing to the /forum/pm_show_message.asp?ID= URL with malicious input.
This is a PoC for MS11-021/CVE-2011-0978. It modifies bits at file location 0x39E7 and eax points to location in the file 0xFB4. The data at this location is 00630009 0061006c 00730065 006d0065 006e0074 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c 006f0063 0061006c.
This module exploits a vulnerability found in Subtitle Processor 7. By supplying a long string of data as a .m3u file, Subtitle Processor first converts this input to Unicode, which expands the string size, and then attempts to copy it inline on the stack. This results in a buffer overflow with the SEH overwritten, allowing arbitrary code execution.
This exploit is for a stack-based buffer overflow in libmodplug version 0.8.8.2. It is triggered by a crafted .abc file, which when loaded by ModPlug_Load() causes a buffer overflow. VLC media player uses libmodplug.
The file 'animation.php' suffers from XSS vulnerabilities at line 47, which allow attackers to execute arbitrary HTML and script code in the browser session of a visiting user, resulting in cookie theft and bypass of admin access controls. The vulnerability in the 'manage_page.php' script permits execution of SQL commands through the 'SQL query' section of the Administrator Panel.
A stored XSS vulnerability using image files (jpg, png, gif tested) affects eyeOS 1.9.0.2; older versions are probably affected too. The eyeOS 2.x branch doesn't seem to be affected. When the user opens an image file in eyeOS, a new HTML frame is opened with the image file. That is fine; the problem is that we can upload files that aren't images with an image extension, and they will be opened in a frame too. That means that we can upload an HTML file (with JS inside, why not?) and it will be opened in a new frame when a user clicks on it. Malicious users can inject code inside image files (malware, browser exploits, etc.) to attack other users and compromise the whole system via shared files or internal messages.
This module exploits a directory traversal and remote code execution flaw in EMC HomeBase Server 6.3.0. It uploads a malicious executable file to the vulnerable server and executes it.
The vulnerabilities allow an unprivileged attacker to read the SIP details, including the password, and to write JavaScript code. The vulnerabilities are in: XSS - Address Book: http://127.0.0.1/adr.htm & DATA DISCLOSURE - Password disclosure: http://127.0.0.1/line_login.htm?l=1. XSS Vulnerability: The XSS vulnerability is found in the 'Address Book' section of the 'Snom IP Phone' software. The vulnerability allows the attacker to inject JavaScript code into the 'number' field. To exploit the vulnerability we need to access the 'Snom IP Phone' at the URL 'http://address/adr.htm'. Then we can write any JavaScript code that we want and send the form. On the next refresh of the page the JavaScript code will run. Once the JavaScript code has been injected, it can also be exploited through the page 'http://address/tbook.csv'. DATA DISCLOSURE: The data disclosure vulnerability is found in the 'Line 1' section of the 'Snom IP Phone' software. The vulnerability allows the attacker to read the SIP details, including the password. To exploit the vulnerability we need to access the 'Snom IP Phone' at the URL 'http://address/line_login.htm?l=1'. Then we can see the SIP details, including the password.