Explore Vulnerabilities

Explore all Exploits:

Multiple VNC Clients Multiple Integer Overflow Vulnerabilities (UltraVNC and TightVNC)

This exploit is a proof of concept for multiple integer overflow vulnerabilities in UltraVNC and TightVNC. The exploit sends a malicious RFB protocol message to the server, which causes an integer overflow and a buffer overflow. This can be used to execute arbitrary code on the server.

Amaya 11 bdo tag stack overflow

The Amaya 11 bdo tag stack overflow is a vulnerability that allows an attacker to execute arbitrary code on the target system. The exploit bypasses SafeSEH by jumping to a pop pop push pop ret sequence in one of the Amaya modules that has a constant base address in memory. It then returns to the stack, takes a short jump over the overwritten SEH, decodes the first 12 bytes of the shellcode and then runs the repaired shellcode to bind a shell on port 1337.

Amaya 11 bdo tag remote stack overflow exploit

Amaya 11 is vulnerable to a remote stack overflow. The vulnerability only allows hex bytes between 0x01 and 0x7f to get to the stack unchanged. The exploit overwrites SEH with a compatible address of a pop pop ret, manipulates the EAX register with instructions whose opcodes fall within the acceptable range, and then uses a ret to force EIP to another memory range where the payload is still intact, allowing the use of standard Metasploit shellcode with no special encoders. The exploit binds a shell to port 1337 of the victim.

GR Blog v1.1.4 (Upload/Bypass) Multiple Remote Vulnerabilities

GR Blog v1.1.4 is vulnerable to multiple remote vulnerabilities, including remote file upload, simple bypass, GET bypass, and POST bypass. The remote file upload vulnerability allows an attacker to upload a malicious file with a .php.jpg extension, which can be used to execute arbitrary code on the server. The simple bypass vulnerability allows an attacker to bypass authentication and access restricted files. The GET bypass vulnerability allows an attacker to access restricted files by manipulating the 'uid' parameter. The POST bypass vulnerability allows an attacker to access restricted files by manipulating the 'postStart' and 'categoryName' parameters.

Stack-based buffer overflow in Remote Control Server in Free Download Manager

A stack-based buffer overflow vulnerability in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.

Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA)

Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow.

Team Board

The vulnerability exists because the application fails to properly sanitize user-supplied input. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary HTML and script code in a user's browser session in the context of an affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Power System Of Article Management 3.0 DD/XSS Vulnerability

A vulnerability exists in Power System Of Article Management 3.0 which allows an attacker to inject malicious code into the vulnerable application. The vulnerability is due to insufficient sanitization of user-supplied input to the 'ComeUrl' parameter in the 'userchklogin.asp' and 'userlogin.asp' scripts. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. Successful exploitation may allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Recent Exploits: