This module exploits a vulnerability found on Firefox 17.0 (< 17.0.2), specifically an use after free of an Element object, when using the serializeToStream method with a specially crafted OutputStream defining its own write function. This module has been tested successfully with Firefox 17.0.1 ESR, 17.0.1 and 17.0 on Windows XP SP3.
The PHP-Nuke application fails to properly sanitize user-supplied input, resulting in multiple remote file-include vulnerabilities. An attacker can exploit these vulnerabilities to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This can lead to the compromise of the application and the underlying system.
Input passed to the 'f' parameter in "/manager/index.php" isn't properly verified before being used in an include function, this can be exploited to include local files on target host or execute command, we need admin credentials to exploit this vuln.
The code establishes a TCP connection with port 53 of a target system. It makes use of the "infoleak" bug (through UDP) to obtain the base value of the named process frame stack pointer, which is later used for constructing proper DNS tsig exploit packet. Upon successful exploitation, the assembly routine gets executed. It walks the descriptor table of the exploited named process in a search for the socket descriptor of the previously established TCP connection. Found descriptor is duplicated on stdin, stdout and stderr and /bin/sh is spawned. The use of such an assembly routine allows successful exploitation of the vulnerability in the case when vulnerable DNS servers are protected by tightly configured firewall systems (with only 53 tcp/udp port open).
This exploit targets a stack overflow vulnerability in the Microsoft Windows Wkssvc NetrJoinDomain2 function. It allows an attacker to execute arbitrary code on a vulnerable system.
The SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
The MonoChat application is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This allows an attacker to inject malicious HTML and script code, which would be executed in the context of the affected website. This could potentially lead to the theft of cookie-based authentication credentials or control over how the site is rendered to the user. Other attacks may also be possible.
This is an exploit for Bug #1 described in http://www.exploit-db.com/exploits/26558/. The exploit will generate a winamp.ini file that will cause winamp to run the payload upon startup.
The Chart Mod application is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection vulnerabilities. These vulnerabilities occur due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, steal authentication credentials, or exploit vulnerabilities in the underlying database implementation.
The GNU 'binutils' is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Remote attackers may crash the 'strings' utility, potentially making analysis of malicious binaries more difficult. Attackers may also execute arbitrary machine code in the context of applications that use the affected library.