Symantec System Center Alert Management System is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.
This module exploits a buffer overflow in the PASV command in Solarftp 2.1.2. You must have valid credentials to trigger this vulnerability. Also, you only get one chance.
The vulnerability allows an attacker to perform SQL injection by manipulating the 'function' parameter in a POST request to the 'alter.php' file. By injecting malicious SQL code, an attacker can modify or delete data in the database.
The WordPress IP-Logger plugin version 3.0 is vulnerable to SQL Injection. By injecting a specially crafted SQL query in the 'lat' parameter, an attacker can manipulate the SQL query and retrieve sensitive information from the database.
This exploit takes advantage of a use after free vulnerability in the Mozilla mChannel object. The vulnerability was found by regenrecht and an MSF exploit was created by Rh0. A version specifically for Windows 7 was created by mr_me.
Sagem Fast Routers (3304-V1 / 3304-V2 / 3464 / 3504) come with a default preconfigured root password that the ISPs don't change. Instead, they create another admin account above it. The root password differs from one router to another, since it is computed from the router's MAC address. Thus, each router has its own unique password, which makes brute-force or dictionary attacks inefficient or impossible. After reverse engineering the algorithm that computes the default password from the MAC address, this exploit opens a remote shell on the remote host. (Generally it is an Almquist shell, 'ash', whose commands are compatible with the Bourne shell, 'bsh'.)
This exploit allows an attacker to gain remote root access on the sfr/ubiquisys femtocell webserver. It takes advantage of a vulnerability in the shttpd and mongoose software versions <= 1.42 and <= 3.0 respectively. By sending a specially crafted PUT request, the attacker can overwrite the program counter (pc) and execute arbitrary code. The exploit includes stack lifting techniques to bypass security measures and achieve the desired outcome.
This exploit bypasses DEP (Data Execution Prevention) in D.R. Software Audio Converter 8.1. The exploit creates a malicious file to execute arbitrary code. The exploit uses Return-Oriented Programming (ROP) to load the library (kernel32.dll) and get the address of the function (GetProcAddress).
This module exploits an integer overflow in the TeeChart Pro ActiveX control. When an overly large or negative integer value is sent to the AddSeries() property of TeeChart2010.ocx, the code performs an arithmetic operation that wraps the value; the wrapped value is later directly trusted and called upon. This module has been designed to bypass DEP only under IE8. Multiple versions, dating back as far as 2001 and including the latest version, are affected by this vulnerability. The following controls are vulnerable: TeeChart5.ocx Version 5.0.1.0 (clsid: B6C10489-FB89-11D4-93C9-006008A7EED4); TeeChart6.ocx Version 6.0.0.5 (clsid: 536600D3-70FE-4C50-92FB-640F6BFC49AD); TeeChart7.ocx Version 7.0.1.4 (clsid: FAB9B41C-87D6-474D-AB7E-F07D78F2422E); TeeChart8.ocx Version 8.0.0.8 (clsid: BDEB0088-66F9-4A55-ABD2-0BF8DEEC1196); TeeChart2010.ocx Version 2010.0.0.3 (clsid: FCB4B50A-E3F1-4174-BD18-54C3B3287258). The controls are deployed under several SCADA-based systems, including: Unitronics OPC server v1.3; BACnet Operator Workstation Version 1.0.76.
This exploit bypasses the Data Execution Prevention (DEP) security feature in MP3 CD Converter Professional. It allows an attacker to execute arbitrary shellcode on a vulnerable system.