This exploit targets BisonFTP Server version 3.5 and below. It allows an attacker to execute arbitrary code on the target machine by sending a specially crafted buffer overflow payload. The exploit connects to the target host and sends the payload. The payload consists of 1092 bytes of padding followed by a 368-byte shellcode. The shellcode is responsible for opening a shell on port 4444. The exploit has been tested on Windows XP SP3 Spanish (No DEP), but may work on other versions as well.
This exploit bypasses Data Execution Prevention (DEP) by using the following method: LoadLibraryA("kernel32.dll") + GetProcAddress(%EAX,"VirtualProtect") + VirtualProtect(%ESP,0x400,0x40,0x10007064)
ATutor suffers from SQL injection (SQLi), cross-site scripting (XSS), and path disclosure (PD) vulnerabilities. The XSS issue is triggered when input passed via the 'search_friends_HASH' parameter to the '/mods/_standard/social/index_public.php' script is not properly sanitized before being returned to the user. The PD issues can be triggered by the 'ATutorID' cookie variable in various scripts. The SQLi issue can be triggered by the 'p_course', 'name', and 'value' parameters in the '/mods/_standard/social/set_prefs.php' script. These issues can be exploited to execute arbitrary HTML and script code, display the full installation path in an error report, and manipulate SQL queries by injecting arbitrary SQL code.
The Media Library Categories plugin version 1.0.6 for WordPress is vulnerable to SQL injection. An attacker can exploit this vulnerability by injecting malicious SQL code through the 'termid' parameter in the 'sort.php' script. The vulnerability allows an attacker to retrieve sensitive information from the database or modify its contents.
This module exploits a use-after-free vulnerability in Mozilla Firefox 3.6.16. An OBJECT element's mChannel can be freed via the OnChannelRedirect method of the nsIChannelEventSink interface. mChannel then becomes a dangling pointer and can be reused when setting the OBJECT's data attribute. (Discovered by regenrecht.) This module uses a heap spray with a minimal ROP chain to bypass DEP on Windows XP SP3.
The Joomla Component com_jdirectory is vulnerable to SQL Injection. An attacker can inject malicious SQL queries through the 'contentid' parameter in the URL, which can lead to unauthorized access or data manipulation in the database.
This exploit takes advantage of a buffer overflow vulnerability in Zinf Audio Player v2.2.1. It allows an attacker to bypass Data Execution Prevention (DEP) and execute arbitrary code.
This is an exploit for the Microsoft SSL Remote Denial of Service vulnerability, also known as MS04-011. It has been tested successfully against IIS 5.0 with SSL. The exploit was developed by David Barroso Berrueta and Alfredo Andres Omella from S21sec. The vulnerability allows remote attackers to cause a denial of service by sending specially crafted SSL packets.
This module exploits a stack-based buffer overflow in ActFax FTP Server version 4.27 and earlier. ActFax fails to check the input size when parsing the 'USER' command, which results in arbitrary code execution. This module has been designed to bypass DEP under Windows Server 2003 SP2/R2.
This vulnerability allows an attacker to upload arbitrary files to the server.