This exploit allows a remote user with access to the web server to send a POST request to disclose the username and password of the target application. The disclosed credentials are Windows credentials with Administrator privileges. This vulnerability can be exploited after the Administrator user has logged in at least once in each Tomcat session.
This exploit is for MPlayer Lite version r33064. It allows an attacker to bypass DEP (Data Execution Prevention) and execute arbitrary code by exploiting a buffer overflow vulnerability in the m3u file parsing functionality. The exploit includes a payload that spawns a shell with elevated privileges.
This exploit allows an attacker to bypass authentication and inject SQL commands through the cookie. It targets the ExtCalendar2 application.
The KisKrnl.sys hook function for "NtQueryValueKey" writes directly to the "ResultLength" buffer without any check.
The component allows directory traversal by not properly sanitizing user input in the 'view' parameter of the 'index.php' file. This allows an attacker to read arbitrary files from the system, such as the '/etc/passwd' file.
This exploit allows an attacker to execute arbitrary code by sending a specially crafted ACCL command to the FreeFloat FTP Server. The vulnerability occurs due to a buffer overflow in the server's handling of ACCL commands. By sending a long string of characters as the argument to the ACCL command, an attacker can overwrite the stack and gain control of the server's execution flow. This exploit opens a listener shell on port 4444.
This exploit is a proof-of-concept for the Solar FTP 2.1.1 PASV Command vulnerability. The exploit was developed by Craig Freyman and Gerardo Iglesias. It has been tested on Windows XP SP3. The vendor was contacted on July 11, 2011, and responded on July 12, 2011, stating that they will fix the vulnerability as soon as possible and approved the release of the proof-of-concept. The exploit relies on certain offsets that may vary depending on the subnet that the server is running on. The most consistent behavior was observed using a total buffer of about 2127 bytes. The exploit payload consists of shellcode that binds a TCP shell to a specified port.
Fire Soft Board forums are vulnerable because the $_SERVER['HTTP_USER_AGENT'] variable sent by every client (even visitors) of the site is not sanitized. This variable is printed as a span title in the admin panel overview, which can lead to a session hijack or BeEF exec or whatever you want.
PoC:
- modify your user agent to something like: "><script>alert(document.cookie)</script><span title=
- go to any page of the forum
- log in to your admin panel -> popup with your cookies :-)
Fix: upgrade to the latest release (2.0.2)
This script is an exploit for the Freefloat FTP server. It uses a buffer overflow vulnerability in the [LIST] command to execute arbitrary code.
The Symantec Backup Exec software is vulnerable to a MiTM attack. An attacker can intercept and modify the communication between the Backup Exec server and the client, potentially gaining unauthorized access to sensitive information.