The APC ActionApps CMS (2.8.1) is vulnerable to remote file inclusion attacks. Attackers can exploit this vulnerability to include malicious scripts from remote servers, which can lead to arbitrary code execution.
This is a universal exploit for the StreamDown software that exploits a buffer overflow vulnerability. It has been tested against Windows XP SP3 and Windows 7 SP1. It should be noted that the program will not crash in case of a meterpreter reverse TCP payload, but a session will be opened.
This exploit allows an attacker to gain root access on a system running telnetd with encryption enabled. By sending specially crafted payloads, the attacker can overwrite function pointers and execute arbitrary code with root privileges.
This exploit allows an attacker to crash the putty application by sending specially crafted packets. The vulnerability exists due to improper handling of null pointers in the application. By sending a specific payload, an attacker can trigger a null pointer dereference, leading to a crash.
FreeSSHd is vulnerable to a remote Denial of Service (DoS) attack. An attacker can send a specially crafted packet to the server, causing it to crash and become unresponsive.
This is a remote root exploit for Splunk. It allows an attacker to gain root access to a Splunk server. The exploit takes advantage of a vulnerability in the Splunk admin interface and the Splunkd Web API. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system.
The Pixie v1.04 blog post feature is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can create a crafted webpage that tricks a logged-in user into submitting a form on behalf of the attacker. This can lead to unauthorized actions being performed by the user without their knowledge or consent.
The Basic Analysis and Security Engine (BASE) version <= 1.2.4 is vulnerable to inclusion vulnerabilities. The vulnerabilities can be exploited by an attacker to include arbitrary files from remote servers, leading to potential remote code execution or information disclosure.
This exploit allows an attacker with upload rights and permissions to modify stories to execute arbitrary commands on the target system. The attacker can upload a file with a double extension and execute commands through it.
This exploit allows an attacker to execute commands remotely on the Family connections CMS v2.5.0-v2.7.1. The vulnerable code is present in the './dev/less.php' file. The exploit takes advantage of the 'register_globals' and 'register_argc_argv' PHP.ini settings. The exploit URL is 'http://192.168.220.128/[path]/dev/less.php?argv[1]=|id;'
Services By CQR