This is a privilege escalation exploit which uses ptrace_attach to gain root access. It was tested on Gentoo 2.6.29rc1 and was written by s0m3b0dy1 (at) gmail.com. The exploit uses shellcode to execute a setuid program which then gives the user root access.
This exploit allows an attacker to add a new admin user to the MaxCMS2.0 application by sending a malicious POST request to the admin_manager.asp page.
An attacker can exploit this vulnerability by adding a malicious cookie to the vulnerable application. This can be done by adding JavaScript code to the URL which will set the cookie. The attacker can then use the malicious cookie to gain access to the application.
TinyButStrong version 3.4.0 is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious script parameter to the vulnerable application. This will allow the attacker to read the content of any local file on the server.
This exploit allows attackers to traverse directories and corrupt memory by sending a POST request with a large buffer.
CastRipper 2.50.70 is vulnerable to a stack overflow when a specially crafted .pls file is opened. This can be exploited to execute arbitrary code by corrupting the stack and overwriting the return address with a pointer to the shellcode. The exploit code is written in Perl and contains shellcode that executes the calc.exe program.
CastRipper 2.50.70 is vulnerable to a stack overflow due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by crafting a malicious .m3u file with a specially crafted payload and sending it to the victim. When the victim opens the malicious file, the payload will be executed, allowing the attacker to execute arbitrary code on the victim's system.
CastRipper 2.50.70 is vulnerable to a local buffer overflow. The vulnerability is caused by a boundary error when handling .m3u files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .m3u file with an overly long string. This may allow an attacker to execute arbitrary code.
Regardless of php.ini settings, you can create arbitrary folders and create or overwrite files. You can also end the path with an arbitrary extension other than .xml by passing a null char.
Php Recommend <=1.3 is vulnerable to authentication bypass, remote file inclusion and code injection exploits. The vulnerable code in admin.php does not check the authentication in server.php sufficiently, allowing an attacker to bypass authentication and inject malicious code.