The TorrentTrader Classic 1.09 PHP/MySQL Based BitTorrent tracker is prone to multiple vulnerabilities, including SQL injection and weak password generation.
AdPeeps Ad Rotator version 8.5d1 (3-18-09) is vulnerable to XSS and HTML injection attacks. The vulnerabilities can be exploited through various parameters including uid, campainid, type, period, loginpass, accname, e9, from, subject, and idno. These vulnerabilities allow an attacker to execute arbitrary JavaScript code on the affected website. The default login credentials for the admin panel are admin/admin.
This exploit targets the PaX double-mirrored VMA munmap vulnerability to gain root access on the system. It has been tested on Debian 3.0 running Linux 2.4.29 patched with grsecurity-2.1.1-2.4.29-200501231159. The exploit code is written in C and uses shellcode to execute commands with root privileges.
This is a buffer overflow exploit for Mini-stream RM-MP3 Converter version 3.0.0.7. It allows an attacker to execute arbitrary code by creating a malicious .ASX file containing a long HREF parameter. The exploit has been tested on Windows XP SP2.
This exploit targets a buffer overflow vulnerability in Mini-stream Ripper 3.0.1.1. By sending a specially crafted .ASX file with a long HREF parameter, an attacker can overflow a buffer and potentially execute arbitrary code on the targeted system. The exploit has been tested on Windows XP SP2.
This exploit is a proof-of-concept for a heap overflow vulnerability in SDP Downloader v2.3.0. It creates a malicious ASX file that can be used to exploit the vulnerability.
The PhotoStand Image Gallery CMS is vulnerable to SQL Injection and authentication bypass, allowing a remote user to become an admin. This exploit bypasses the login and edits the template to execute arbitrary commands. It does not change anything else in the system.
This exploit allows an attacker to execute commands on a vBulletin 3.0.x system if certain conditions are met. The conditions include the showforumusers option being set to true, the user being a visitor/guest, at least one user showing the forum, and magic_quotes_gpc being turned off. The vulnerability affects vBulletin versions 3.0 up to and including version 3.0.4. The immune versions are vBulletin versions 3.0.5 and 3.0.6.
This script is suffer from Multiple Vulnerabilities including XSS, directory traversal (Unix), and File Include.
This is an exploit for a buffer overflow vulnerability in MSN Messenger. The exploit allows an attacker to download and execute shellcode on a vulnerable system. The vulnerability was discovered by Core Security Technologies and the exploit was coded by ATmaCA.