Crystal Reports Viewer 12.0.0.549 ActiveX Exploit (PrintControl.dll) 0-day

This exploit targets Crystal Reports Viewer 12.0.0.549. It is a 0-day and uses the PrintControl.dll file located in the ActiveXControls folder of the CrystalReportViewers12 directory. The exploit calls the ServerResourceVersion method of the CrystalPrintControlLib.CrystalPrintControl ProgID to execute a Windows/exec payload with the command calc.exe. It was tested on a Windows XP SP3 VM with IE 7.0.5730.13, although it was not 100% reliable.

FontForge Stack-Based Buffer Overflow Vulnerability

FontForge is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

SnackAmp 3.1.3 Malicious SMP Buffer Overflow Vulnerability (SEH)

SnackAmp 3.1.3 is prone to a stack-based buffer overflow caused by a boundary error when handling specially crafted SMP files. Opening such a file with the vulnerable application triggers the overflow, and successful exploitation results in arbitrary code execution in the context of the user running the application.

Trustwave’s SpiderLabs Security Advisory TWSL2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities

These devices are susceptible to Cross-Site Request Forgery (CSRF). An attacker who is able to coerce a ClearSpot / iSpot user into following a link can arbitrarily execute system commands on the device. The following examples allow an attacker to enable remote access to the iSpot and ClearSpot 4G and to add their own account to the device. This level of access also exposes the device's client-side SSL certificates, which are used to perform device authentication, and could therefore lead to the compromise of ClearWire accounts as well as other personal information.

FreeAmp 2.0.7 .m3u Buffer Overflow – Egghunter

FreeAmp 2.0.7 is vulnerable to a buffer overflow attack when a specially crafted .m3u file is opened. The exploit uses an egghunter to search for the egg, which is then followed by a payload of 228 bytes. The payload contains a shellcode that executes calc.exe. The exploit was tested on Windows XP SP3 HUN.

Exim 4.63 (RedHat/Centos/Debian) Remote Root Exploit by Kingcope

This exploit is a modified Perl version of the Metasploit module used to gain root access on Exim 4.63 running on RedHat/CentOS/Debian. It uses a connect-back shell as 'trojanurl' and sets up netcat. It creates a C program in the Exim4 spool directory and compiles it, creates a configuration file in the tmp directory and runs exim with that configuration file, and then runs the C program to obtain root access.

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD

This exploit is a proof of concept against the admin interface (port 7080) of LiteSpeed Web Server 4.0.17 Standard & Enterprise x86 on FreeBSD 8.0-RELEASE, FreeBSD 6.3-RELEASE and FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.15 Standard x86. It can also be used against the compiled SAPI version of the shipped Linux version of lsphp, but the offsets differ from box to box. The exploit buffer contains a setreuid call, a connect-back, and a reverse shell on port 443.

PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow

The Internationalization extension (hereafter referred to as Intl) is a wrapper for the ICU library, enabling PHP programmers to perform UCA-conformant collation and date/time/number/currency formatting in their scripts. NumberFormatter displays numbers according to a localized format, a given pattern or a set of rules, and parses strings into numbers. As can be seen in PHP_FUNCTION(numfmt_get_symbol), the function crashes for certain symbol values, for example {2444492804, 2147483648, 2147483649, 2554462209}.

Joomla Component Billy Portfolio 1.1.2 Blind SQL Injection

This exploit allows an attacker to inject SQL into the vulnerable Joomla Component Billy Portfolio 1.1.2 through the catid parameter. The request index.php?option=com_billyportfolio&view=billyportfolio&catid=-1 and if(1,benchmark(5000000,md5(1)),1) injects the blind (time-based) payload.

Sulata iSoft (stream.php) Local File Disclosure Exploit

Sulata iSoft (developed by Rizwan Azam) contains a local file disclosure vulnerability in _admin/stream.php that allows an attacker to download and view source files. By appending '../connection.php' to the path parameter, an attacker can download the connection.php file and gain access to sensitive information such as database credentials.