This module exploits a vulnerability in QQPLAYER Player 3.2. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.
This exploit targets the cyrus pop3d server and allows remote code execution. It takes advantage of a vulnerability in the popsubfolders feature, which needs to be enabled. The exploit was tested on cyrus-imapd-2.3.2 running on Linux.
The vulnerable code is in the ajax_save_name.php file of FreeWebshop version 2.2.9 R2. The code allows an attacker to manipulate the $selectedDocuments array, which is then displayed at line 50. This manipulation can lead to remote code execution.
QuiXplorer 2.3 allows remote attackers to upload arbitrary files via the index.php?action=upload&order=name&srt=yes parameter.
This module exploits a vulnerability found in Aviosoft Digital TV Player Pro version 1.x. An overflow occurs when the process copies the content of a playlist file on to the stack, which may result in arbitrary code execution under the context of the user.
LabWiki <= 1.1 is affected by multiple vulnerabilities, including a shell upload vulnerability and multiple cross-site scripting vulnerabilities. The shell upload vulnerability allows an attacker to upload a malicious file disguised as an image. The cross-site scripting vulnerabilities allow an attacker to inject and execute arbitrary scripts on the LabWiki web pages.
This exploit allows an attacker to execute arbitrary code by sending a specially crafted playlist file to Aviosoft Digital TV Player Professional 1.x. The exploit takes advantage of a stack buffer overflow vulnerability in the software.
This is a proof of concept exploit for a remote heap overflow vulnerability in the Oracle Hyperion Strategic Finance Client 12.x Tidestone Formula One WorkBook OLE Control TTF16 (6.3.5 Build 1). The vulnerability can be triggered by calling the SetDevNames() function. The exploit is 99% stable and does not require DEP (Data Execution Prevention) to be enabled. The vulnerability may also affect other products, but version 6.1 seems to be not vulnerable. More details about the exploit can be found at the provided link.
This module exploits a vulnerability in the KnFTP application. The same by-pass DEP with AlwaysOn. Built for the 10th contest of [C]racks[L]atino[S].
The vulnerable code is located in /ajaxfilemanager/ajax_create_folder.php. The script starts output buffering at line 11 and then calls the 'displayArray' function to display the $_POST array content. At line 13, the 'writeInfo' function is called with the current buffer content as a parameter. The 'writeInfo' function writes the parameter data into a file called 'data.php' without any check, allowing an attacker to inject and execute arbitrary PHP code.