This exploit allows an attacker to perform SQL injection and disclose admin credentials in Discuz! version 4.x. The exploit was developed by rgod and can be found on the site http://retrogod.altervista.org.
NX5Linkx is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker may be able to exploit these issues to modify the logic of SQL queries. Successful exploits may allow the attacker to compromise the software, retrieve information, or modify data; other consequences are possible as well.
This is a proof-of-concept exploit for the stack overflow in src/support.c:sreplace. The off-by-one heap overflow bug in proftpd's sreplace function was discovered about two years ago by Evgeny Legerov. We tried to exploit this off-by-one bug via the MKD command, but failed. We have not worked on this bug since then. Actually, there exist at least two bugs in the sreplace function; one is the off-by-one heap overflow mentioned above.
This is just DoS exploit code. A vulnerability has been identified in 3CTftpSvc TFTP Server, which could be exploited by attackers to execute arbitrary commands or cause a denial of service. This flaw is due to a buffer overflow error when handling an overly long transfer mode (more than 470 bytes) passed to a "GET" or "PUT" command, which could be exploited by malicious users to compromise a vulnerable system or crash an affected application.
This exploit targets the /usr/bin/Mail program in Slackware 7.1. It takes advantage of a buffer overflow vulnerability to gain elevated privileges. By providing a specially crafted input, an attacker can overwrite the return address and execute arbitrary code.
This module exploits a vulnerability mainly affecting Microsoft Windows XP and Windows 2003. The vulnerability exists in the handling of the Screen Saver path in the [boot] section. An arbitrary path can be used as the screen saver, including a remote SMB resource, which allows for remote code execution when a malicious .theme file is opened and the "Screen Saver" tab is viewed.
This module exploits a use-after-free vulnerability found in Internet Explorer, specifically in how the browser handles the caret (text cursor) object. In IE's standards mode, the caret handling's vulnerable state can be triggered by first setting up an editable page with an input field, and then forcing the caret to update in an onbeforeeditfocus event by setting the body's innerHTML property. In this event handler, mshtml!CCaret::`vftable' can be freed using a document.write() call; however, mshtml!CCaret::UpdateScreenCaret remains unaware of this change and still uses the same reference to the CCaret object. When the function tries to use this invalid reference to call a virtual function at offset 0x2c, it finally results in a crash. Precise control of the freed object allows arbitrary code execution under the context of the user.
An attacker can crash the Share KM PC server or drop the connection while the Android client is connected to the Share KM server on the PC. The attacker can also crash the Share KM server while the user is showing RTT from the notification taskbar.
This exploit allows an attacker to remotely change the DNS servers on a FiberHome Modem Router HG-110. By exploiting a path traversal vulnerability, the attacker can access sensitive files, such as the 'shadow' file, and modify the DNS configuration.
The Woltlab Burning Board Lite 1.0.2 is vulnerable to a blind SQL injection exploit. This vulnerability allows an attacker to execute arbitrary SQL queries on the target server, potentially leading to unauthorized access or data manipulation.