This exploit targets a vulnerability in Photodex ProShow Producer v5.0.3310. It uses a jump to an offset of ESP instead of an egghunter. The SEH exploit is laid out as follows: shellcode --> junk --> next SEH --> SEH --> jump code. The exploit replaces a file in the app folder.
This module exploits a file upload vulnerability found in Open Flash Chart version 2. Attackers can abuse the 'ofc_upload_image.php' file in order to upload and execute malicious PHP files.
The deV!Lz Clanportal application is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This vulnerability allows an attacker to corrupt the memory of the FortKnox Personal Firewall kernel driver, potentially leading to a privilege escalation or denial of service.
GNU Tar is prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. The issue presents itself when the application processes malicious archives. A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.
Novell Client is prone to a remote buffer-overflow vulnerability. Successful exploits may result in a denial-of-service condition or arbitrary code execution. Remote, anonymous attackers may exploit this issue via RPC requests.
This code is used to build a TCP packet based on the tcp1.c sample code from libnet-1.1.1. It allows an attacker to inject malicious code into the target system through a TCP connection. The code can be compiled and executed with specific parameters to send packets with modified sequence numbers. This can be used for various purposes, including resetting TCP connections and potentially disrupting network communication.
The SpotLight CRM 1.0 web application is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by sending a specially crafted SQL query through the login.asp page. This allows the attacker to manipulate the database and potentially gain unauthorized access to sensitive information.
The vulnerability exists in Kerio MailServer due to a flaw when handling malformed network traffic. Successful exploits will result in denial-of-service conditions.
This exploit takes advantage of a vulnerability in the LD_PRELOAD environment variable to execute arbitrary code. It specifically targets the initscript file on Red Hat 6.0 and potentially other systems. It creates a file called /etc/initscript and modifies its contents to copy /bin/bash to /var/tmp/.nothing, set the setuid bit on /var/tmp/.nothing, and then remove /etc/initscript.