Unclassified NewsBoard 1.5.3pl3 is vulnerable to blind SQL injection. This exploit allows an attacker to dump the admin MD5 password hash. The attacker must fill in the requested fields and launch the exploit from Apache.
XOOPS WF_Downloads Module v 2.05 is vulnerable to SQL injection. An attacker can exploit this vulnerability to disclose admin credentials and execute remote commands.
This exploit targets a remote code execution vulnerability in Snort 2.4.0 - 2.4.2. It uses a pre-preprocessor to send a malicious payload to the target system. The payload contains shellcode that binds a port and connects back to the attacker. The exploit was tested on Linux debian24 2.4.27-2-386 with gcc version 3.3.5 and Snort 2.4.2.
Moodle <= 1.6dev is vulnerable to SQL injection and remote command execution. An attacker can exploit this vulnerability by sending malicious input to the vulnerable application, which allows the attacker to run arbitrary SQL commands and arbitrary commands on the server.
This exploit allows an attacker to gain access to the master.passwd file on an unpatched FreeBSD 4.11-RELEASE system. The exploit works by creating a socket connection and sending a file containing 64000000 'A' characters. The file is then written to a kmem file which contains the master.passwd file.
This exploit is for SuSE Linux 9.{1,2,3}/10.0, Desktop 1.0, UnitedLinux 1.0 and SuSE Linux Enterprise Server {8,9} 'chfn' local root bug. It allows a user to gain root privileges by setting the SHELL environment variable to the path of a shell and then running the chfn command with a modified password file. The exploit then runs the su command to gain root privileges.
Atutor 1.5.1 pl2 (possibly prior versions) is vulnerable to SQL injection and remote command execution. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the back-end database and execute arbitrary commands on the server.
This exploit is for F-Secure Anti-Virus Internet Gatekeeper for Linux <2.15.484. It is a local root exploit that takes advantage of a vulnerability in the suid cgi scripts. It creates a symlink to the vulnerable cgi script and then creates a symlink to the /etc/shadow file. It then calls the vulnerable cgi script which will overwrite the shadow file with the contents of the cgi script. This will give the attacker root access.
lnxFTPDssl_warez.c is a remote root exploit for linux-ftpd-ssl 0.17. It is a buffer overflow exploit which uses stack addresses to gain root access. It was released in October 2005 by kcope.
This exploit is a 92-byte portbind shellcode that binds a shell on port 5074. It was tested on Intel using gpsdrive_2.09-2_i386.deb. It is not robust and most likely will not work on kernel 2.6.12 because of address space randomization.