SimpleBBS <= v1.1 is vulnerable to remote command execution. An attacker can execute arbitrary commands on the vulnerable system by sending a specially crafted request to the server, with the command to be executed passed as a parameter.
There is a stack-based buffer overflow in all binaries that allows an attacker to gain unauthorised code execution on the system where the application is installed. Due to incorrect use of strcpy() and a lack of correct bounds checking, a user can manipulate the $APPFLUENT_HOME environment variable to gain code execution.
SimpleBBS version 1.1 is vulnerable to remote code execution. This exploit works regardless of magic_quotes_gpc settings. An attacker can send a malicious payload to the vulnerable server and execute arbitrary code on the server.
Xaraya <=1.0.0 RC4 is vulnerable to a Denial of Service attack. The exploit is launched from Apache and requires the user to fill in requested fields. The exploit sends a large number of requests to the target server, causing it to crash.
This exploit allows an attacker to execute arbitrary commands on a vulnerable eFiction installation. The attacker must first upload a fake GIF file containing malicious PHP code, which can then be executed remotely.
This program was originally written in the course of writing the book 'Hacking Exposed Cisco Networks: Cisco Security Secrets and Solutions'. Tool author: Janis Vizulis, Arhont Ltd. It is a Perl script which uses the Getopt::Long, Net::RawIP and Term::ProgressBar Perl modules to send a TCP packet with the SYN flag set to a destination IP and port. It also allows setting the source and destination MAC address and IP address.
FileZilla Server Terminal 0.9.4d is vulnerable to a Denial of Service (DoS) attack. The vulnerability is caused by a boundary error when handling user input. This can be exploited to cause a stack-based buffer overflow by sending an overly long string to the affected server. This may allow an attacker to cause a DoS condition or potentially execute arbitrary code.
This module exploits a feature in the Saxon XSLT parser used by the Google Search Appliance. This feature allows arbitrary Java methods to be called. Google released a patch and advisory to their client base in August of 2005 (GA-2005-08-m). The target appliance must be able to connect back to your machine for this exploit to work.
This exploit is for the FTGate Imapd BufferOverrun vulnerability. It uses IO::Socket to connect to the host on port 143 and sends a malicious payload of 224 bytes followed by 11305 bytes of C characters. This causes a buffer overflow and allows the attacker to execute arbitrary code.
This exploit is based on a more critical injection in the 'msg' parameter that works with magic_quotes_gpc on. It allows an attacker to obtain disclosure of administrative credentials and remote command execution.