Hex Workshop 5.1.4 is vulnerable to a local buffer overflow when importing a specially crafted Color Mapping File (enc.cmap). By importing the file, a buffer overflow occurs, overwriting the SEH chain and allowing arbitrary code execution.
This is a proof-of-concept exploit for a local stack overflow vulnerability in BulletProof FTP Client. The vulnerability is triggered when a specially crafted .bps file is loaded, which causes a buffer overflow and allows arbitrary code execution. The exploit was discovered by Mountassif Moad and was published on milw0rm.com in 2008.
A SQL injection vulnerability exists in the Joomla component PAX Gallery v0.1: the 'gid' parameter is passed into a database query without sanitisation, so an attacker can inject arbitrary SQL code and manipulate the resulting queries. The vulnerability is only exploitable when 'safe mode' is set to 'ON'.
By entering 'union select 1#' in the username field and pressing login, an attacker can bypass authentication and gain admin access.
A vulnerability in Windows Media Player 11 for Windows XP allows an attacker to execute arbitrary code on the target system by sending a specially crafted WAV file.
This is an advanced buffer overflow exploit using a new method called shellhunting. It works only on a fully patched Vista SP1, though the user may sometimes need to click 'Refresh' before the shellcode executes.
This is a 0-day local SEH overwrite exploit for IntelliTamper 2.07/2.08. The bug was discovered by cN4phux and tested on IntelliTamper 2.07/2.08 / win32 SP3 FR. The shellcode used is Windows Execute Command (calc) from metasploit.com. The exploit is written in Python, and the debugger output shows that EIP is overwritten and an attempt to read from address 41414141 is made, causing the program to crash.
This exploit targets the FreeBSD protosw vulnerability, which allows an attacker to overwrite the credential structure in the kernel. Because this affects more than just the exploit's own process, the exploit does not spawn a shell; when it has finished, the login shell should have euid=0.
The ClaSS application is vulnerable to file disclosure/download attacks. An attacker can exploit this vulnerability by sending a crafted HTTP request to the export.php script with the ftype parameter set to a relative path to the file they wish to download. This can be used to download sensitive files such as school.php, dbh_connect.php, and /etc/passwd.
When an overlong string is imported from a SAWStudio 3.9i .prf file, a buffer overflow occurs. At the crash the registers read EAX=41414141, ECX=00000000, EDX=00561498, EBX=00000000, ESP=0012DA5C, EBP=0012FAD0, ESI=00561498, EDI=00000000, EIP=7C91B1FA (ntdll.7C91B1FA), and an access violation is raised when writing to [41414151].