The application suffers from an authenticated path traversal vulnerability. Input passed via several parameters in index.php script is not properly verified before being used to create and delete files. This can be exploited to write backup files to an arbitrary location and/or delete arbitrary files via traversal attacks.
Run python code: asx_to_mp3_rop_exploit.pyWorks on DEP enabled for ASX2MP3Converter.exeOpen "ASX2MP3Converter.exe"Click on "Load" ButtonSelect generated file "asx_to_mp3_rop_exploit.wax"Click on "Open"Calc.exe runs.
The exploit takes advantage of a local buffer overflow vulnerability in Simple Startup Manager version 1.17. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system. The exploit has been tested on Windows 7 Ultimate Service Pack 1 (32 and 64 bit) with DEP and ASLR disabled. The exploit requires space for shellcode of size 264.
The Frigate Professional software version 3.36.0.9 is vulnerable to a local buffer overflow when the 'Find Computer' feature is used. By pasting a specially crafted payload into the 'Computer Name' field, an attacker can trigger a buffer overflow and execute arbitrary code. This proof-of-concept exploit demonstrates how to exploit the vulnerability to run the Windows calculator (calc.exe).
This exploit takes advantage of a buffer overflow vulnerability in CloudMe 1.11.2. It allows an attacker to execute arbitrary code by exploiting the Structured Exception Handler (SEH), Data Execution Prevention (DEP), and Address Space Layout Randomization (ASLR) protections. By sending a specially crafted payload, an attacker can overwrite the SEH chain and gain control of the program execution flow.
The forma.lms software version 2.3.0.2 is vulnerable to persistent cross-site scripting. The 'course_code', 'course_name', 'course_box_descr', and 'course_descr' parameters in the Course Module and the 'Email' parameter in the Profile Module are vulnerable to XSS attacks. An attacker can inject malicious scripts through these parameters and execute arbitrary code on the victim's browser.
A persistent cross site scripting web vulnerability has been discovered in the official OpenZ v3.6.60 ERP web-application. The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromise browser to web-application requests from the application-side. The persistent vulnerability is located in the `inpname` and `inpdescripción` parameters of the `Employee` add/register/edit module in the `menu.html` file. Remote attackers with low privileges are able to inject own malicious persistent script code as name or description. The injected code can be used to attack the frontend or backend of the web-application. The request method to inject is POST and the attack vector is located on the application-side. The attack can be triggered from low privilege user accounts against higher privilege user accounts like manager or administrators to elevate privileges via session hijacking. Successful exploitation of the vulnerabilities results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent man
The 'es_messagesid' parameter in the School ERP Pro 1.0 is vulnerable to SQL injection. An attacker can manipulate the parameter to inject malicious SQL code, potentially allowing unauthorized access to the database.
This exploit targets a buffer overflow vulnerability in CoolPlayer. By creating a specially crafted .m3u playlist file, an attacker can execute arbitrary code on the target system. The exploit uses a return address located at 0x7C951EED (jmp esp in ntdll.dll) to redirect program execution to the shellcode. The shellcode used in this exploit is a bind shell payload generated by Metasploit, which establishes a reverse shell connection to the attacker's machine on port 4444.
This module exploits a vulnerability found in Pandora FMS 7.0NG and lower. net_tools.php in Pandora FMS 7.0NG allows remote attackers to execute arbitrary OS commands.