
Explore Vulnerabilities


Explore all Exploits:

RIPS <= 0.53 Multiple Local File Inclusion Vulnerabilities

Multiple Local File Inclusion vulnerabilities were discovered in RIPS <= 0.53. An attacker can exploit these vulnerabilities by sending a crafted HTTP request with a malicious file path to the vulnerable server. This will allow the attacker to read the contents of any file on the server.

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

This module exploits FreePBX versions 2.10.0, 2.9.0 and possibly older. Due to the way callme_page.php handles the 'callmenum' parameter, it is possible to inject code into the '$channel' variable in the function callme_startcall in order to gain remote code execution. Please note that in order to use this module properly, you must know the extension number, which can be enumerated or bruteforced, or you may try some of the default extensions such as 0 or 200. Also, the call has to be answered (or go to voice). Tested on both Elastix and FreePBX ISO image installs.

Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow

This module exploits a vulnerability found in Ricoh DC's DL-10 SR10 FTP service. By supplying a long string of data to the USER command, it is possible to trigger a stack-based buffer overflow, which allows remote code execution under the context of the user. Please note that in order to trigger the vulnerability, the server must be configured with a log file name (by default, it's disabled).

mmPlayer 2.2 (.ppl) Local Buffer Overflow Exploit (SEH)

This exploit targets a local buffer overflow (SEH) in mmPlayer 2.2 that is triggered through .ppl files. The malicious data is delivered as a specially crafted file; when the vulnerable application opens the file and tries to process it, a buffer overflow results.

mmPlayer 2.2 (.m3u) Local Buffer Overflow Exploit (SEH)

This exploit is for mmPlayer 2.2, a media player for Windows. It is a local buffer overflow exploit that overwrites the Structured Exception Handler (SEH) to execute arbitrary code. The exploit is written in Perl and creates a malicious .m3u file that contains a payload of shellcode.

phpFox <= 3.0.1 (ajax.php) Remote Command Execution Exploit

This proof of concept code was written for educational purposes only. It exploits a vulnerability in the Phpfox_Module::getComponent() method defined in /include/library/phpfox/module/module.class.php. Because the $sClass parameter is "explode()d" by dots at line 716, and to satisfy the regex at line 748, it isn't possible to inject code which contains dots or parentheses, but it is still possible to inject semi-arbitrary OS commands by leveraging PHP's backtick operator. Input passed through $_POST[core][call] (or $_POST[phpfox][call] in v2) to /static/ajax.php is passed to the getComponent() method as the $sClass parameter.

Spotify 0.8.2.610 (search func) Memory Exhaustion Exploit

The vulnerability is caused by the Search box function not checking the bounds of user input. This can be exploited to cause a DoS through memory exhaustion by inserting a long string of bytes (~80 million bytes / 80 MB) into the Search field in the GUI.

Wolfcms <= 0.75 Multiple Vulnerabilities (CSRF - XSS)

Wolfcms 0.75 (and lower) is prone to multiple CSRF vulnerabilities that allow an attacker to delete an admin/user, delete web pages, delete the 'images' and 'themes' directories, and force a logout when an authenticated admin/user browses a specially crafted web page. This CMS is also affected by XSS vulnerabilities in the 'wolfcms/admin/user/add' pages due to improper input sanitization of the 'user[name]', 'user[email]' and 'user[username]' parameters passed via the HTTP POST method.

Recent Exploits: