This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By making a specially crafted HTTP request to the "snmpviewer.exe" CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code lies within a function in "snmpviewer.exe" with a timestamp prior to April 7th, 2010. This vulnerability is triggerable via either a GET or POST request. The request must contain 'act' and 'app' parameters which, when combined, total more than the 1024 byte stack buffer can hold. It is important to note that this vulnerability must be exploited by overwriting SEH. While the saved return address can be smashed, a function call that occurs before the function returns calls "exit".
IGSSdataServer.exe version <= 9.00.00.11063 in IGSS (Interactive Graphical SCADA System) is vulnerable to a directory traversal attack. The server running on port 12401 is affected by a directory traversal that allows an attacker to access files outside of the intended directory.
This exploit is used to perform a Denial of Service attack on SpoonFTP version 1.2. It sends a specially crafted packet to the FTP server, causing it to crash and become unresponsive.
Classical heap overflow during the handling of IVR files, caused by the allocation of a certain amount of data (the frame size) decided by the attacker and the copying of another arbitrary amount into the same buffer.
It is possible to bypass the security protections of "/download.aspx" in Douran Portal and download the hosted files.
This exploit takes advantage of a buffer overflow vulnerability in CORE Multimedia Suite 2011 CORE Player 2.4. By loading a malicious playlist, an attacker can trigger the overflow and potentially execute arbitrary code.
The Tugux CMS is vulnerable to blind SQL injection. An attacker can exploit this vulnerability by injecting malicious SQL queries through the 'nid' parameter in the 'latest.php' page. The vulnerability can be confirmed by using the provided proof of concept (PoC) examples. The vulnerability can also be used to obtain the MySQL version running on the server by accessing the server on port 3306.
This module exploits a directory traversal bug in Adobe ColdFusion. By reading the password.properties file, a user can log in using the encrypted password itself. This should work on version 8 and below.
This module exploits a hidden account in the com.trinagy.security.XMLUserManager Java class. When using this account, an attacker can abuse the com.trinagy.servlet.HelpManagerServlet class and write arbitrary files to the system, allowing the execution of arbitrary code.
This CMS suffers from multiple vulnerabilities.
1] "AjaxFileManager" is implemented without the need for a valid session. Path: http://localhost/admin/libraries/ajaxfilemanager/ajaxfilemanager.php
2] "ajax_save_name.php" can be used to rename any file on the system/www-root to any name that contains safe extensions (txt, jpg, etc.).
3] "AjaxFileManager.php" allows download of even PHP files if they are under the 'Root Folder'. Exploit: http://localhost/admin/libraries/ajaxfilemanager/ajax_download.php?path=../../../db/uploaded/index.php
4] "main.php" can be used to upload any file type as long as this is true: "Content-Type: image:jpeg". Exploit: http://localhost/admin/main.php?action=upload