This proof of concept code demonstrates a buffer overflow vulnerability in the setsockopt function. It crashes the machine but does not provide a root shell. It could potentially be developed into a root shell exploit on machines running outdated kernels (2.6.1, 2.6.2, and 2.6.3).
The PHP exploit written below can be used to add malicious content to any page created by the CMS. The exploit outputs HTML corresponding to the CMS pages (main pages). This HTML output is the CSRF exploit: it edits the page so that it contains the malicious content together with the page's old contents. The malicious content must be chosen by the attacker. For illustration, I just put in <script>alert('123');</script>. Many devastating uses could be achieved by injecting HTML code into a page.
The suEXEC feature in Apache allows users to run CGI and SSI programs under different user IDs than the web server. However, a bug in the suEXEC configuration can allow an attacker to read any file or directory on the UNIX/Linux system with the user and group ID of the Apache web server. This can be exploited by running PHP or CGI code inside a web hosting environment that uses suEXEC as a protection mechanism.
This exploit is a proof of concept for a buffer overflow vulnerability in WFTPD Pro Server 3.23.1.1. It currently only causes a denial of service (DoS).
Mozilla Thunderbird is susceptible to multiple remote information-disclosure vulnerabilities. These issues allow remote attackers to gain access to potentially sensitive information and know whether and when users read email messages.
The WinGraphviz.dll ActiveX control in StarUML allows remote attackers to execute arbitrary code via a long argument to the ToDot method, which triggers a buffer overflow.
This exploit targets a buffer overflow vulnerability in SquirrelMail's chpasswd utility. By exploiting the overflow in the chpasswd program, an attacker can execute arbitrary code and gain root privileges on the system.
The Windows kernel does not properly isolate broadcast messages sent by low integrity applications from medium or high integrity applications. This allows commands to be broadcast to any open medium or high integrity command prompt, allowing escalation of privileges. After spawning a low integrity command prompt, we can spawn a medium integrity command prompt by using the Win+Shift+# combination, which specifies the position of the command prompt on the taskbar. We can then broadcast our command and hope that the user is away and does not corrupt it by interacting with the UI. The broadcast issue affects Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012 and RT, but spawning a command prompt with the shortcut key does not work on Vista, so there you will have to check whether the user is already running a command prompt and set SPAWN_PROMPT to false. The WEB technique executes a PowerShell encoded payload from a web location. The FILE technique drops an executable to the file system, sets it to medium integrity and executes it. The TYPE technique attempts to execute a PowerShell encoded payload directly from the command line, but it may take s
This module exploits a command injection vulnerability in PineApp Mail-SeCure 3.70. The vulnerability exists in the ldapsyncnow.php component, due to the insecure usage of the shell_exec() PHP function. This module has been tested successfully on PineApp Mail-SeCure 3.70.
The Wimpy MP3 application is vulnerable to an arbitrary file overwrite weakness. An attacker can exploit this vulnerability by supplying malicious data through the 'trackFile' parameter of the 'wimpy_trackplays.php' script, which overwrites a text file with attacker-supplied content. Successful exploitation of this vulnerability can assist an attacker in further attacks.