This exploit targets a vulnerability in the FreeBSD 9.0 kernel that allows for privilege escalation. The exploit takes advantage of a flaw in the Intel SYSRET instruction. By manipulating the IDT (Interrupt Descriptor Table), the exploit is able to gain kernel-level privileges. The payload function is responsible for executing the privilege escalation.
Skype is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before using it in the format-specification argument of a formatted-printing function. Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, potentially facilitating the remote compromise of affected computers.
The ja-elvis and ko-helvis packages on FreeBSD, in versions prior to ja-elvis-1.8.4_1 and ko-helvis-1.8h2_1, contain a file recovery utility called 'elvrec' that is installed setuid root (mode 4755) by default. This utility is vulnerable to a buffer overflow, which can be exploited to gain root privileges.
This exploit allows an attacker to include local files on the server running Serendipity version 1.0.3. It works when the server has register_globals set to On.
HylaFAX+ contains a daemon, 'hfaxd', which allows a 'fax client' to communicate with the fax server to submit fax jobs, query status, configure modems, etc. The code path for authenticating users via LDAP allocates a 255-byte buffer and then strcat()s user-supplied data buffered from the inbound FTP control channel into it. It is possible for an UNAUTHENTICATED remote attacker to overflow the heap with a limited character set, leading to potential crashes or hangs. No actual exploit leveraging this vulnerability has been constructed yet.
This exploit allows an attacker to execute remote commands and escalate privileges in PHPGraphy 0.9.12. It works against servers with register_globals=on. The attacker can specify the target server, path to PHPGraphy, and the command to execute. Optional parameters include specifying a different port or using a proxy. This exploit has been developed by rgod. The dork used to find vulnerable sites is intext:"This site is using phpGraphy" | intitle:"my phpgraphy site". Contact information for the author is provided as mail: retrog@alice.it and site: http://retrogod.altervista.org.
The SQL injection occurs because a user-supplied HTTP header is used in the query without sanitisation.
This is a PoC intended to exploit the 3Com TFTP Service version 2.0.1 long transporting mode buffer overflow under Windows XP SP2 (English). (Vulnerability discovered by Liu Qixu.)
PLESK is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
The vulnerabilities in CA eTrust Security Command Center and eTrust Audit are due to the lack of user input validation and design errors in user permissions and secure data-transmission protocols. An attacker can exploit these vulnerabilities to access sensitive information, delete files, and carry out replay attacks.