This module exploits a VirtueMart <= 1.1.2 blind SQL injection vulnerability.
This PoC code creates a web server and sends a malicious XML file to the client. The malicious XML file contains a large number of 'A' tags which causes the Safari browser to crash.
This app has tons of bugs, but because of its structure a lot of them are useless... but not all of them! Look at 'core/admin/delete.php' (I have omitted the author comments): no check for admin rights, so now we can delete whatever file we want, with any extension... so let's delete config.php and make a fresh new installation with a password set by us! The RCE is triggered in 'core/admin/scriptconfig.php', line 56: no sanitization of the input and no quotes added when writing to the config file (so no need for mq=off).
This bug allows a guest to view the username and password of a registered user.
The vulnerability is caused by the IOCTL handler of the "tmactmon.sys" driver improperly processing user-space parameters. This exploit executes arbitrary code in kernel space via a specially crafted IOCTL.
Amaya 11.1 W3C Editor/Browser (defer) Stack Overflow Exploit targets a vulnerability that allows an attacker to execute arbitrary code on the vulnerable system by overflowing the stack with malicious code. This exploit is based on Rob Carter's exploit and works with Windows XP SP2. The exploit requires the attacker to upload Devil_inside.html to a remote host.
This exploit is similar to the bug found by Wojciech Pawlikowski for Firefox. It was tested using the latest version of Opera (9.64). The exploit is a GET request to the server which sends a header with a content type of text/xml and a payload of 7400 'A' characters. This causes a buffer overflow and can be used to execute arbitrary code.
Family Connection is vulnerable to blind SQL injection. An attacker can bypass the authentication system by setting a malicious cookie with the name 'fcms_login_id', content '-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,'admin','password',12,13,14,15,16,17,18,19,20,21,22', server 'localhost' and path '/'. The values contained in the cookie are used by other functions and queries, which can be exploited to write the result of the SQL queries into files.
This exploit logs in using an SQL injection (auth bypass) via cookie, then edits the configuration, inserting the backdoor into it. It needs the admin's nickname.
The Flexi ISN, which performs GPRS Gateway Support Node (GGSN) and data charging functions, is fully integrated with the existing Nokia Siemens Networks charge@once prepaid solution to enable flexible charging of data services. The systems integration services ensure a seamless consumer experience while managing an increasingly complex combination of new processes and systems. With the introduction of Flexi ISN, a mobile telecom service provider is able to combine a GGSN and an Intelligent Charging Node in one box. The deployed Flexi ISN 3.1 system is able, through deep packet inspection, to distinguish the type of traffic (such as HTTP browsing, WAP browsing, MMS, streaming and content download), thus enabling different charging models based on the type of data service used.