jpegtoavi is prone to a buffer overflow vulnerability when handling a malformed file list. This vulnerability can be exploited remotely to execute arbitrary code in the context of the user running the application.
Yanf is prone to a buffer overflow vulnerability. This issue occurs when the client reads data from a remote HTTP server. If successfully exploited, it could allow for the execution of arbitrary code in the context of the user running the client.
This exploit allows an attacker to execute remote commands with escalated privileges in Flatnuke version 2.5.8 and below. It works regardless of php.ini settings.
The xine media library is affected by a remote buffer overflow vulnerability in the 'demux_aiff.c' file. This vulnerability allows a remote attacker to gain unauthorized access to a vulnerable computer.
This module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit doesn't bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.
The Nagios Remote Plugin Executor (NRPE) is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option dont_blame_nrpe which enables command-line arguments to be provided remote plugins. When this option is enabled, even when NRPE makes an effort to sanitize arguments to prevent command execution, it is possible to execute arbitrary commands.
This module exploits a pile of vulnerabilities in Adobe ColdFusion APSB13-03: CVE-2013-0625: arbitrary command execution in scheduleedit.cfm (9.x only), CVE-2013-0629: directory traversal, CVE-2013-0632: authentication bypass.
This exploit bypasses the DEP (Data Execution Prevention) security feature in FreeFloat ftp 1.0 using ROP (Return Oriented Programming). It allows an attacker to execute arbitrary shellcode on a vulnerable system. The exploit code is available at http://www.exploit-db.com/exploits/24479/
This exploit allows remote attackers to execute arbitrary code on BigAnt Server 2.97 via a crafted username, which triggers a buffer overflow.
Some Netgear Routers are vulnerable to authenticated OS Command injection. The vulnerability exists in the web interface, specifically in the setup.cgi component, when handling the TimeToLive parameter. Default credentials are always a good starting point, admin/admin or admin/password could be a first try. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes.