This exploit is based on the brief information provided by Nine:Situations:Group (http://www.milw0rm.com/exploits/9199). Exploiting improper permissions is fun. A few notes are in order though. The getPlus service (that I tested, via 9.1.2) isn't installed as an 'Automatic' service, therefore making it slightly harder (but not hard) to practically use to your advantage. But I tested running this code under a GUEST account and it worked pretty well (just the first time though). Change the values as needed, compile and run. Things could be more or less silent, lethal or non-lethal... it is completely up to you. Things cannot get much simpler than this.
This exploit is a local buffer overflow exploit for WINMOD V 1.4, triggered by a malformed .lst file. It uses a 2880-byte buffer to reach and overwrite the SEH handler, followed by a 6-byte NOP sled and 464 bytes of shellcode. It was tested on Windows XP Pro SP2 (EN).
This exploit creates a malicious .srt subtitle file containing a large amount of data. When the file is opened in KMplayer version 2.9.4.1433 and below, it causes a buffer overflow that allows arbitrary code execution.
A Cross-Site Scripting (XSS) vulnerability exists in PowerUpload. An attacker can inject arbitrary JavaScript code into the application by setting the 'myadminname' cookie to 'YWRtaW5=' (a base64 encoding of the string 'admin'). This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.
This exploit targets Soritong MP3 Player 1.0, which is vulnerable to a local stack overflow through a malformed SKIN file. The exploit is written in Perl and uses a win32_exec payload from Metasploit. The buffer layout is 584 bytes of shellcode, followed by a 6-byte NSEH and a 4-byte SEH overwrite, followed by 1000 bytes of junk data.
This exploit targets a local stack overflow in Streaming Audio Player 0.9, triggered through a malformed skin file. It allows an attacker to execute arbitrary code by overflowing the buffer with a malicious payload. The payload is a Metasploit win32_exec payload encoded with the PexAlphaNum encoder. The exploit overwrites the SEH (Structured Exception Handler) record, so that when the overflow raises an exception the handler address is taken from attacker-controlled data and execution is redirected to the shellcode.
A buffer overflow vulnerability exists in Acoustica MP3 Audio Mixer v.2.471 Demo. The vulnerability is caused by a boundary error when handling .m3u playlist files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .m3u file. Successful exploitation may allow execution of arbitrary code.
When a malicious file is created and opened from the menu of the program, it causes a crash.
Alibaba-clone CMS is vulnerable to remote SQL injection. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'IndustryID' parameter of the 'category.php' script, which is used in a database query without validation or parameter binding. An attacker can exploit this by sending a specially crafted HTTP request containing SQL statements in that parameter to the vulnerable script. Successful exploitation can result in unauthorized access to sensitive information stored in the database, such as usernames and passwords.
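The following is an added example, not code from Alibaba-clone CMS or from the original advisory. It reproduces the bug class in a Python/sqlite3 stand-in: a query that splices the 'IndustryID' value straight into SQL text, beside a version that validates the value and binds it as a parameter. The table names, columns, rows and the UNION payload are all constructed here for illustration and are not taken from the real application.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for the CMS database (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE category (CategoryID INTEGER, IndustryID INTEGER, Name TEXT);
        INSERT INTO category VALUES (1, 10, 'Textiles');
        INSERT INTO category VALUES (2, 10, 'Garments');
        INSERT INTO category VALUES (3, 20, 'Chemicals');
        CREATE TABLE users (UserID INTEGER, Username TEXT, Password TEXT);
        INSERT INTO users VALUES (1, 'admin', 's3cret');
        INSERT INTO users VALUES (2, 'editor', 'hunter2');
        """
    )
    return conn


def categories_vulnerable(conn, industry_id):
    """Mirrors the bug class: the request parameter becomes part of the SQL text."""
    sql = "SELECT Name FROM category WHERE IndustryID = " + industry_id
    return [row[0] for row in conn.execute(sql)]


def categories_hardened(conn, industry_id):
    """Type-check the value, then bind it; it can never be parsed as SQL syntax."""
    if not industry_id.isdigit():
        raise ValueError("IndustryID must be a non-negative integer")
    sql = "SELECT Name FROM category WHERE IndustryID = ?"
    return [row[0] for row in conn.execute(sql, (int(industry_id),))]


# Constructed UNION-based payload: the first SELECT matches nothing, the second
# pulls credentials out of a different table through the same result column.
UNION_PAYLOAD = "-1 UNION SELECT Username || ':' || Password FROM users"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, normal input:", categories_vulnerable(db, "10"))
    print("vulnerable, payload:     ", categories_vulnerable(db, UNION_PAYLOAD))
    print("hardened, normal input:  ", categories_hardened(db, "10"))
    try:
        categories_hardened(db, UNION_PAYLOAD)
    except ValueError as exc:
        print("hardened, payload:        rejected:", exc)
```

The hardened version does two independent things: the digit check rejects the payload outright, and parameter binding means that even a value that slipped past validation would be compared as data rather than executed as SQL. Either defence alone would have blocked this payload; both together are the usual recommendation.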
The vulnerability exists in the latest version of the DD-WRT firmware, 24 SP1. The problem stems from several bugs and poor software design decisions, which combine into three issues: 1) shell metacharacters in request input are not handled, so user-supplied values can be turned into additional commands; 2) the command is executed even without successful authentication; and 3) the httpd server runs as root, so any injected command runs with full privileges.
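The following is an added example and is not DD-WRT code: a minimal Python stand-in for a CGI-style handler that shows the first two issues side by side with their fixes. The request shape, the session token, the hostname allowlist and the use of `echo` in place of the real command are all assumptions made for illustration, and nothing here corresponds to an actual DD-WRT endpoint.

```python
import re
import subprocess

# Constructed session token standing in for whatever the real server would check.
VALID_SESSION = "deadbeef"

# Allowlist for the one parameter the handler is willing to pass on: hostnames
# and dotted IPv4 literals only, so ';', '|', '`', '$(' and friends never match.
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,64}$")


class Forbidden(Exception):
    """Raised when the request carries no valid session."""


class BadRequest(Exception):
    """Raised when a parameter fails validation."""


def handle_vulnerable(params, session=None):
    """Issues 1 and 2 together: the parameter is concatenated into a shell
    command line and the command runs before any authentication check.
    (Issue 3, running as root, is a deployment property and is not modelled.)
    `echo` stands in for the real command so the example is safe to run."""
    cmd = "echo ping -c 1 " + params.get("host", "")
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def handle_hardened(params, session=None):
    """Authenticate first, validate the parameter against an allowlist, and
    invoke the program with an argv list so no shell ever parses the value."""
    if session != VALID_SESSION:
        raise Forbidden("authentication required")
    host = params.get("host", "")
    if not HOST_RE.fullmatch(host):
        raise BadRequest("host contains disallowed characters")
    argv = ["echo", "ping", "-c", "1", host]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Constructed payload: a separator followed by a second command.
    payload = {"host": "127.0.0.1; echo INJECTED"}
    print("vulnerable, unauthenticated, payload:")
    print(handle_vulnerable(payload))
    print("hardened, authenticated, clean input:")
    print(handle_hardened({"host": "127.0.0.1"}, session=VALID_SESSION))
    for kwargs in ({"params": payload}, {"params": payload, "session": VALID_SESSION}):
        try:
            handle_hardened(**kwargs)
        except (Forbidden, BadRequest) as exc:
            print("hardened rejected:", exc)
```

Note the order of checks in the hardened handler: authentication happens before the parameter is even read, so an unauthenticated request never reaches validation, let alone execution. The argv-list invocation is what removes the metacharacter problem at its root; the allowlist is a second layer that also keeps the value meaningful for the program being called. The third issue from the advisory, the server running as root, is addressed by running the daemon under an unprivileged account, which a handler cannot fix on its own.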