This exploit is a proof of concept for a stack overflow vulnerability in All to All Audio Convertor files. It creates a file called 'poc.ogg' which contains 500 'A' characters. This can be used to overwrite the stack and potentially execute arbitrary code.
A vulnerability in the Wazzum Dating Software allows an attacker to upload malicious files to the server. The attacker can register on the website and then use Tamper Data to upload malicious files to the server. The malicious files can be found in the includes/videos/ and includes/audios/ directories.
A buffer overflow vulnerability exists in RM Downloader 3.0.2.1 when a specially crafted .asx file is loaded. This could allow an attacker to execute arbitrary code on the vulnerable system. The vulnerability is due to insufficient bounds checking of user-supplied data when parsing the .asx file. An attacker can exploit this vulnerability by enticing a user to open a malicious .asx file.
An attacker can bypass authentication by accessing the admin panel, edit index home, image.php, and upload/1.php.
An attacker can bypass authentication by accessing the admin panel at http://localhost/Fa-Ads/admin/ and then uploading malicious files to http://localhost/Fa-Ads/admin/image.php or creating a new account at http://localhost/Fa-Ads/buy.php and then accessing the malicious file at http://localhost/FaHome/upload/1.php or http://localhost/Fa-Ads//upload/20100328210343.php
Denapars Shop Script is vulnerable to multiple vulnerabilities such as an authentication bypass, two file upload vulnerabilities, and a JavaScript injection vulnerability. An attacker can exploit these vulnerabilities to gain access to the admin panel, upload malicious files, and inject malicious JavaScript code.
An attacker can exploit a blind SQL/XPath injection vulnerability in Yamamah Version 1.00 by sending a crafted HTTP request to the vulnerable server. The attacker can use the 'calbums' parameter to inject malicious SQL/XPath statements into the application and gain access to sensitive information from the database.
An attacker can bypass authentication by accessing the admin panel at http://localhost/famarket/admin/, creating a new product and uploading an evil file at http://localhost/famarket/admin/add.pro.php, and then finding the evil file at http://localhost/FaMarket/upload/c99.php.
This exploit is for ASX to MP3 Converter Version 3.0.0.100 (.pls) Universal Stack Overflow. It is exploited by mat and is available at http://mini-stream.net/asx-to-mp3-converter/. The exploit code is written in Perl and contains a shellcode which is used to overwrite the return address of the vulnerable function. The exploit code creates a malicious .pls file which is used to trigger the vulnerability.
This vulnerability allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to the attacker including arbitrary local files from the target server, which may contain sensitive information such as configuration files, passwords, etc.
Services By CQR