This module exploits a remote code execution vulnerability in the YAML request processor of the Squash application.
A buffer overflow is triggered when a long MKD command is sent to the server and the user views the Log tab.
The vulnerability allows an attacker to gather information by exploiting the 'html_entity_decode()' function in PHP. This can aid in other attacks.
THCIISSLame 0.3 is a remote root exploit for IIS 5 SSL. The exploit was found by Internet Security Systems and the reversing credits go to Halvar Flake. This exploit allows an attacker to gain remote root access on a target system running IIS 5 with SSL enabled. The exploit uses a connectback shell.
AdMan is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This script allows a command to be executed with an arbitrary number of arguments. The trick calls the 'perl.exe' interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of executing only a single command without any parameters, as provided by already existing exploits. As shown below, it's possible to exploit the security issue in order to run any command on the target system.
This proof of concept code demonstrates a buffer overflow vulnerability in the setsockopt function. It crashes the machine but does not provide a root shell. It can potentially be used for a rootshell exploit on machines with outdated kernels (2.6.1, 2.6.2, and 2.6.3).
The PHP exploit written below can be used to add malicious content to any page created by the CMS. The exploit results in HTML outputs corresponding to CMS pages (main pages). These HTML outputs are called the CSRF exploit, which will edit the page so that it includes the malicious content and the old contents of the page. The malicious content must be chosen by the attacker. For the purpose of illustration, I just put the <script>alert('123');</script>. Many devastating uses would be achievable by injecting HTML code into a page.
The suEXEC feature in Apache allows users to run CGI and SSI programs under different user IDs than the web server. However, a bug in the suEXEC configuration can allow an attacker to read any file or directory on the UNIX/Linux system with the user and group ID of the Apache web server. This can be exploited by running PHP or CGI code inside a web hosting environment that uses suEXEC as a protection mechanism.
This exploit is a proof of concept for a buffer overflow vulnerability in WFTPD Pro Server 3.23.1.1. It currently only causes a denial of service (DoS).