iMesh is a file sharing and online social network. It uses a proprietary, centralized P2P protocol. iMesh is owned by an American company, iMesh, Inc., and maintains a development center in Israel. This vulnerability is caused by passing an empty value to the ProcessRequestEx method. By hijacking the ECX register to an arbitrary value, an access violation can be triggered when reading 0D0D0D0D. This exploit adds an administrative account using various stages of heap spray.
There exists a buffer overflow in Stoneys FTPd, which most rxBot mods use. The problem lies in how the code parses the PORT command, which gives an opportunity for a buffer overflow. The problem is that the ftpd also uses select() to handle multiple connections. So when the crafted PORT command is sent, select() returns NULL, making it return and exit the FTPd thread, resulting merely in a denial of service of the FTPd with no crash of the bot itself.
This exploit targets a local privilege escalation vulnerability in iwconfig version 26. A buffer overflow in the iwconfig executable allows a local user to gain root privileges. The exploit uses a 45-byte shellcode.
This exploit targets a buffer overflow vulnerability in PhpTagCool Zatueritor 1.0. An attacker can send malicious data to the application, which can cause it to crash or execute arbitrary code. The vulnerability is caused by a lack of input validation.
This exploit allows an attacker to execute arbitrary commands on a vulnerable server running Class-1 Forum. The attacker can send a specially crafted HTTP request to the vulnerable server, which will then execute the command specified in the request. The exploit requires the attacker to have knowledge of the server's path, hostname, port, and command to be executed.
The problem seems to be that a hostname consisting entirely of dashes causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but it sets encHost to an empty string. This means Firefox appends 0 to approxLen and then appends the long string of dashes to the buffer instead. The following HTML code will reproduce this issue: <A HREF=https:--------------------------------------------- >
This PoC crashes the server by sending an exploit to it.
This exploit targets a buffer overflow vulnerability in the Windows Console State Information. It allows an attacker to execute arbitrary code in the context of the current user. The vulnerability is caused by a lack of bounds checking when writing to the console state information structure. This can be exploited by an attacker to overwrite the return address of a function with a pointer to malicious code.
This exploit is used to freeze the CUPS server and increase the processor load. It is done by sending a crafted string to the server. The crafted string contains a buffer of 50 bytes with the last two bytes being '..'. This exploit was coded and the bug was found by tracewar of darklogic.
This exploit allows an attacker to download a backup file from a vulnerable vBulletin forum. The exploit works by sending a GET request to the vulnerable server for a backup file with a specific date string. The exploit supports five different date strings, which are used to support different international vBulletin forums. The exploit was first reported in 2005 and affects vBulletin versions prior to 3.6.7.