This exploit targets a buffer overflow in the ASX file header. It is triggered when a maliciously crafted ASX file is opened in Windows Media Player. The exploit overwrites the SEH handler and executes the shellcode, which in this case launches the calculator.
Netgear WG102 Access Points offer the typical SNMP write and SNMP read community password 'protection'. SNMPv2 is already known for weak security, yet NETGEAR goes one step further: the SNMP write community (password) is accessible in cleartext via the MIB, which is readable using the SNMP read community.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the "onload" event handler. When a page is loaded, the browser will execute any code associated with the "onload" event handler. By using a specially crafted HTML page, an attacker can cause the browser to execute arbitrary code in the context of the currently logged in user.
MP3 TrackMaker v1.5 is vulnerable to a heap overflow when a specially crafted .mp3 file is opened. The vulnerability is caused by a boundary error when the application copies user-supplied data to a fixed-length buffer. This can be exploited to cause a stack-based buffer overflow by, e.g., tricking a user into opening a specially crafted .mp3 file.
This exploit allows an attacker to obtain a user's IP address by abusing the bs_fantasy_ext <= 1.1.16 vulnerability. The attacker uses the 'getip' alias to set a ban mask for the user's IP address, and then uses the 'unbanall' alias to unban the user, which reveals their IP address.
Pizzis CMS version 1.5.1 and prior are vulnerable to Blind SQL Injection. This exploit allows an attacker to extract the admin password from the database. The exploit uses a GET request to send a malicious query to the vulnerable application. The malicious query is crafted to extract the admin password from the database. The exploit then iterates through the characters of the password and prints it out.
Vulnerable address: http://[host]/[path]/infusions/varcade/callcomments.php?comment_id=9999%27+union+select+0,user_name,2,3,4,5,6,user_password+from+fusion_users+where+user_id=1/*
This exploit is for Samba versions < 3.0.20. It is possible to overflow the heap by sending a specially crafted packet to the vulnerable server. The exploit uses the free() function from the GOT (Global Offset Table) to overwrite the return address of the function. This exploit does not work on Mandriva, RHEL, and Fedora.
This exploit allows an attacker to execute arbitrary code on the vulnerable system by exploiting a vulnerability in CuteNews <= 1.4.6. The attacker needs to have a super account (administrator) to exploit this vulnerability. The attacker can inject malicious JavaScript code in the IP ban form and execute arbitrary code on the vulnerable system.
The QuoteBook script is vulnerable to a remote config file disclosure vulnerability. An attacker can exploit this vulnerability by accessing the poll.inc file which contains the database credentials.