
Explore Vulnerabilities

Explore all Exploits:

N`CMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit

This exploit targets the N`CMS 1.1E software and allows for pre-authentication local file inclusion, which can be used to execute remote code. The vulnerable code is shown in the script. By manipulating the 'page' parameter in the URL, an attacker can include arbitrary files on the server and potentially execute malicious code. The exploit requires a wordlist for brute-forcing the database credentials.

AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 Buffer Overflow

This module exploits a buffer overflow vulnerability in opcode 21 handled by rpc.cmsd on AIX. By making a request with a long string passed to the first argument of the 'rtable_create' RPC, a stack-based buffer overflow occurs. This leads to arbitrary code execution. NOTE: Unsuccessful attempts may cause inetd/portmapper to enter a state where further attempts are not possible.

Exim4 <= 4.69 string_format Function Heap Buffer Overflow

This module exploits a heap buffer overflow within versions of Exim prior to version 4.69. By sending a specially crafted message, an attacker can corrupt the heap and execute arbitrary code with the privileges of the Exim daemon. The root cause is that no check is made to ensure that the buffer is not full prior to handling '%s' format specifiers within the 'string_vformat' function. In order to trigger this issue, we get our message rejected by sending a message that is too large. This will call into log_write to log rejection headers (which is a default configuration setting). After filling the buffer, a long header string is sent. In a successful attempt, it overwrites the ACL for the 'MAIL FROM' command. By sending a second message, the string we sent will be evaluated with 'expand_string' and arbitrary shell commands can be executed. It is likely that this issue could also be exploited using other techniques such as targeting in-band heap management structures, or perhaps even function pointers stored in the heap. However, these techniques would likely be far more platform-specific, more complicated, and less reliable. This bug was originally found and reported in December 2008, but was not properly handled as a security issue. Therefore, there was a two-year lag time between when the
