A bug in the Advance Micro Devices K6 processor allows non-privileged code to crash the machine. The exploit code provided demonstrates how this can be achieved by accessing an invalid address that resembles an already cached address. The bug can be triggered by loading the address of something in a deep cache on the CPU, such as the _start function. The vulnerability can be mitigated under Linux 2.1.x.
There exists a buffer overflow in Lynx's built-in mailer that can be exploited when the victim tries to follow a hyperlink. Lynx makes blind assumption on e-mail address length, and sprintfs it into 512-bytes long buffer. The vulnerability is in LMail.c as part of the processing of "mailto:" URLs. The overflow can be triggered by using a 'mailto' hyperlink with a large amount of data, specifically over 2 kB of 'A's. This can lead to arbitrary code execution or a denial of service.
This exploit allows remote attackers to include and execute arbitrary files on the affected server.
There is a buffer overflow vulnerability in Qualcomm's Eudora Internet Mail Server. By connecting to its TCP port number 106 and issuing the USER command followed by a string over a thousand bytes in length, the server can crash, potentially causing the machine to go down.
There exists a buffer overflow in fingerd that allows a remote attacker to execute any local binaries.
This exploit allows an attacker to upload arbitrary files to a vulnerable Wordpress plugin called content-flow3d. The attacker needs to provide the target URL as a command-line argument. The exploit uses cURL to send a POST request to the upload.php file of the plugin with a file named bazinga.php.jpg. The exploit is tested on CentOS and Ubuntu Server 11.04.
Exploit is not described in the given text.
The SN News <= 1.2 application is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain unauthorized access to the application's database.
This vulnerability allows an attacker to upload arbitrary files to the target system using the Foxypress plugin for Wordpress. The exploit uses a specially crafted PHP file to upload a file named lo.php to the target system. The uploaded file can be used to execute arbitrary code on the target system.
The vulnerability allows an attacker to disclose sensitive information, send arbitrary emails, and perform blind SQL injection attacks. The attacker can access the website's configuration file, send emails with arbitrary content, and execute arbitrary SQL queries.
Services By CQR