This module exploits a vulnerability found in Aviosoft Digital TV Player Pro version 1.x. An overflow occurs when the process copies the content of a playlist file on to the stack, which may result in arbitrary code execution under the context of the user.
LabWiki <= 1.1 is affected by multiple vulnerabilities, including a shell upload vulnerability and multiple cross-site scripting vulnerabilities. The shell upload vulnerability allows an attacker to upload a malicious file disguised as an image. The cross-site scripting vulnerabilities allow an attacker to inject and execute arbitrary scripts on the LabWiki web pages.
This exploit allows an attacker to execute arbitrary code by sending a specially crafted playlist file to Aviosoft Digital TV Player Professional 1.x. The exploit takes advantage of a stack buffer overflow vulnerability in the software.
This is a proof of concept exploit for a remote heap overflow vulnerability in the Oracle Hyperion Strategic Finance Client 12.x Tidestone Formula One WorkBook OLE Control TTF16 (6.3.5 Build 1). The vulnerability can be triggered by calling the SetDevNames() function. The exploit is 99% stable and does not require DEP (Data Execution Prevention) to be enabled. The vulnerability may also affect other products, but version 6.1 seems to be not vulnerable. More details about the exploit can be found at the provided link.
This module exploits a vulnerability in the KnFTP application. The same by-pass DEP with AlwaysOn. Built for the 10th contest of [C]racks[L]atino[S].
The vulnerable code is located in /ajaxfilemanager/ajax_create_folder.php. The script starts output buffering at line 11 and then calls the 'displayArray' function to display the $_POST array content. At line 13, the 'writeInfo' function is called with the current buffer content as a parameter. The 'writeInfo' function writes the parameter data into a file called 'data.php' without any check, allowing an attacker to inject and execute arbitrary PHP code.
SetSeed CMS is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the vulnerable script using the cookie input 'loggedInUser', which could allow the attacker to view, add, modify or delete information in the back-end database.
This proof-of-concept (PoC) creates a .oce file that can be used to exploit a stack-based buffer overflow vulnerability in Hyperion Interactive Reporting Studio, which is part of the Oracle Hyperion Suite. When the file is clicked, a login box appears followed by an error message, leading to a crash.
The vulnerability allows an attacker to cause a denial of service condition in Google Chrome. However, no way to exploit the vulnerability has been found.
This exploit allows an attacker to execute arbitrary code on a system running UnrealIRCd. By adding a malicious entry to the unrealircd.conf file, an attacker can trigger a stack overflow and gain control of the target system.
Services By CQR