Explore Vulnerabilities

Explore all Exploits:

rootdown.pl

rootdown.pl is a Perl script that exploits a vulnerability in Solaris' sadmind service to execute arbitrary commands on the target system. The vulnerability is due to a lack of authentication in the sadmind service, which allows an attacker to send specially crafted RPC requests to the service and execute arbitrary commands on the target system.

sambal.c : samba-2.2.8 < remote root exploit by eSDee (www.netric.org)

sambal.c is a remote root exploit for Samba 2.2.x and prior that works against Linux (all distributions), FreeBSD (4.x, 5.x), NetBSD (1.x) and OpenBSD (2.x, 3.x and 3.2 non-executable stack). It will send a NetBIOS name packet to port 137. If the box responds with the MAC address 00-00-00-00-00-00, it's probably running Samba. It can also be used to brute-force the return address.

Brute Force Attack on Web Panel

This exploit is a brute force attack on a web panel. It uses a combination of SQL injection and RC4 encryption to gain access to the panel. The exploit uses a wait delay to determine if the correct credentials have been entered. If the delay is longer than the wait delay, then the correct credentials have been entered.

SSH File Transfer Protocol (SFTP) Remote File Read Vulnerability

This vulnerability allows an attacker to read files from a remote system using the SSH File Transfer Protocol (SFTP). The vulnerability exists in the grab_file() function, which reads a file from the remote system and stores it in a buffer. The buffer is not properly validated, allowing an attacker to read arbitrary files from the remote system.

Arbitrary file download in ManageEngine Netflow Analyzer and IT360

This vulnerability allows an unauthenticated attacker to download arbitrary files from the server. It affects NetFlow Analyzer versions 8.6 to 10.2 and IT360 versions 10.3 and above. A Metasploit module has been released to exploit CVE-2014-5445.

PoC for Drupal Pre Auth SQL Injection

This exploit is a proof of concept for a pre-authentication SQL injection vulnerability in Drupal. It allows an attacker to gain access to a Drupal site without authentication by exploiting a vulnerability in the way Drupal handles session cookies. The exploit works by sending a specially crafted cookie to the server, which contains an SQL injection payload. The payload is then executed by the server, allowing the attacker to gain access to the site.

Struts2 Prefixed Parameters OGNL Injection Vulnerability

Struts2 (v2.0.0 - 2.3.15) is vulnerable to remote OGNL injection, which leads to arbitrary Java method execution on the target server. This is caused by insecure handling of prefixed special parameters (action:, redirect: and redirectAction:) in the DefaultActionMapper class of Struts2.

Multiple vulnerabilities in ManageEngine EventLog Analyzer

Using this Log Analyzer software, organizations can automate the entire process of managing terabytes of machine-generated logs by collecting, analyzing, correlating, searching, reporting, and archiving from one central location. This event log analyzer software helps to monitor file integrity, conduct log forensics analysis, monitor privileged users and comply with different compliance regulatory bodies by intelligently analyzing your logs and instantly generating a variety of reports like user activity reports, historical trend reports, and more. The first vulnerability is an SQL database information disclosure (read any table in the database), which affects all versions from v7 to v9.9 build 9002. The second vulnerability is a Windows / AS/400 managed hosts Administrator credentials disclosure, which affects all versions from v7 to v9.9 build 9002.

Recent Exploits: