This module exploits an arbitrary memory access vulnerability in the QuickTime for Java API provided with QuickTime 7.
This module exploits a flaw in the getSoundbank function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The affected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier.
The LWRES dissector in Wireshark versions 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug was found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications.
This module exploits a buffer overflow in RealServer 7/8/9 and was based on Johnny Cyberpunk's THCrealbad exploit. This code should reliably exploit Linux, BSD, and Windows-based servers.
This module exploits a stack-based buffer overflow in the ntpd and xntpd services. By sending an overly long 'readvar' request, it is possible to execute code remotely. As the stack is corrupted, this module uses the Egghunter technique.
This is an exploit for the Subversion date parsing overflow. This exploit is for the svnserve daemon (svn:// protocol) and will not work for Subversion over WebDAV (http[s]://). This exploit should never crash the daemon, and should be safe to do multi-hits. WARNING: This exploit seems to (not very often, I've only seen it during testing) corrupt the Subversion database, so be careful!
The vulnerability allows an unprivileged attacker to download files that they have no permission to access.
This class allows files to be copied or overwritten in arbitrary locations, e.g. via the GetFile() method. This code creates a batch file inside the automatic startup folder. Set up an FTP server allowing anonymous connections and place the code you want to be retrieved.
Ignition 1.3 is vulnerable to Local File Inclusion (LFI). The vulnerability is due to insufficient sanitization of user-supplied input passed via the 'page' parameter. An attacker can send a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable page.php script in order to include local files from the web server and execute arbitrary code on the vulnerable system.
A directory traversal vulnerability in QuickPHP Web Server 1.9.1 can be exploited to read files outside of the webroot directory. The resource path must be absolute, and the traversal sequence is ..%2F