Alt-N MDaemon is prone to an HTML/JavaScript injection vulnerability because it fails to sanitize user-supplied input. Attacker-supplied HTML and/or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.
This exploits an arbitrary file upload vulnerability in BigAnt Server 2.97 SP7. A lack of authentication allows unauthenticated file uploads through a DUPF command. Additionally, the filename option in the same command can be used to launch a directory traversal attack and achieve arbitrary file upload. The module uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of BigAnt on Windows XP and 2003. It has been successfully tested on BigAnt Server 2.97 SP7 over Windows XP SP3 and 2003 SP2.
This exploit allows an attacker to generate a meterpreter .exe and provide a link to it via the exploit. The .exe will be automatically downloaded and executed.
USB Sharp Pro can turn your iPhone, iPad or iPod into a large-capacity, portable and wireless storage disk, for easy and efficient management of your files. Support for editing php, js, html files. Support for open formats, such as flv, asf, rmvb, avi, mpg, mkv, wmv. Features: Dropbox operations, multiple-file upload and download, history, create folder; manual added; Chrome and Firefox supported for uploading multiple files; extract files from encrypted .rar; optimized PDF reader; support for importing videos/photos to Photo Library; support for exporting video from Photo Library; search by file (folder) name added; picture viewer improved; unzip type added; authentication added for local login; authentication added for wifi transfer; custom background image; ...; full-screen file view supported; multiple photo import supported; sorting by file name, create time and file type; view, copy, move, delete, rename, email, zip; compress and unzip files/folders; encrypted folders to protect your files; extract all files from a compressed .zip file; glide deleting function; select all and cancel all operations; transferring files by wifi and iTunes file sharing; emailing multiple files and folders supported; open email attachments; photo import supported; open files in other applications; landscape mode supported; iPad-compatible. Supported file types: Plain text: .txt .php .js .html. Document: .pdf .csv .rtf .rtfd .doc .docx .xls .xlsx .ppt .pptx (Office 2003 or later). Image: .png .jpg .jpeg .gif .bmp .xbm .tif .tiff. Audio: .mp3 .m4a .aac. Video: .mp4 .mov .m4v .3gp .flv .asf .rmvb .avi .mpg .mkv .wmv. Web: .htm .html .xhtml. Compressed: .zip .rar.
The Domain Trader Script is vulnerable to MySQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries through the 'viewdomain' parameter in the 'catalog.php' page. An example of an exploit URL is provided: 'http://server/catalog.php?viewdomain=now&id=1'
This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .pxs file in Photodex ProShow Producer v5.0.3297 or earlier.
This is a buffer overflow exploit for the /bin/cu program on HP-UX 11.00. It allows an attacker to execute arbitrary code with the privileges of the cu program.
Multiple Cross Site Request Forgery vulnerabilities were found in TP-LINK Admin Panel, because the application allows authorized users to perform certain actions via HTTP requests without making proper validity checks to verify the source of the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
FreeFloat FTP 1.0 allows an attacker to trigger a buffer overflow and execute arbitrary code when a long and invalid raw command is sent to it.