The following PoC instructs an HP Data Protector Client to download and install an .exe file. It tries to get the file from a share (pwn2003se.home.it) and, if that fails, it tries to access the same file via HTTP. To get the PoC working with this payload, share a malicious file via HTTP under http://pwn2003se.home.it/Omniback/i386/installservice.exe.exe and you are done. Tweak the payload to better suit your needs.
The vulnerability allows an attacker to perform SQL injection attacks through the search.php page in vBulletin 4.0.x to 4.1.2. The attacker can execute arbitrary SQL queries and gain unauthorized access to the database.
It is possible to cause a Denial of Service in Novell's LDAP-SSL daemon due to the system blindly allocating a user-specified amount of memory.
The exploit involves copying a file to a specific location in the Steam directory and then running Steam.exe, causing the program to crash. This results in the synchronization of the user's configuration file with their account. When the user logs in on another computer with the same account, Steam crashes.
Adobe Audition suffers from a buffer overflow vulnerability when handling .SES (session) format files. The application fails to sanitize user input, resulting in memory corruption that overwrites several memory registers, which can help an attacker execute arbitrary code or cause a denial of service.
This exploit bypasses DEP (Data Execution Prevention) in A-PDF Wav to MP3 Converter version 1.2.0. It allows an attacker to execute arbitrary code by exploiting a stack pivot vulnerability and manipulating the stack pointer.
The exploit allows for a bypass of DEP (Data Execution Prevention) in A-PDF All to MP3 Converter version 2.0.0. It leverages a stack pivot and stack pointer technique to execute arbitrary code.
Slimpdf Reader from investintech is prone to several overflows that can lead to code execution. The crash is triggered by simply adding 50,000 random characters in the header of a PDF file.
The GEARAspiWDM.sys (CD / DVD filter) driver doesn't check all inputs of an IOCTL. An exception can be thrown if we modify one byte. In my tests I couldn't achieve any better exploitation than a BSOD.
SPlayer is vulnerable to a remote buffer overflow when parsing a specially crafted HTTP header from a remote server. The bug is triggered due to the "Content-Type:" field being passed to the wcstol() function, prior to any bounds checking. This could allow an attacker to trick a remote user into opening a specially crafted playlist file, containing a URL pointing to a malicious web server.