A buffer overflow vulnerability exists in XM EASY PERSONAL FTP SERVER v4.3. An attacker can send a specially crafted USER command with an overly long string, resulting in a buffer overflow. This may allow the attacker to execute arbitrary code in the context of the application.
This is an exploit for MS Office 2010 RTF Header Stack Overflow Vulnerability. It gracefully bypasses DEP/ASLR in MS Office 2010, and is named 'Ikazuchi DEP/ASRL Bypass'. The exploit involves a series of POP, MOV, CALL, and ADD instructions to create a RWX Heap, store the ESP address, and copy shellcode.
This vulnerability allows an attacker to include a remote file on the web server. It occurs due to a lack of proper validation of user-supplied input by the application. An attacker can exploit this vulnerability by sending a specially crafted request to the web server.
This exploit attempts to kill zawhttpd by sending a malicious GET request to the server. The malicious request contains a large number of backslashes which can cause a buffer overflow and crash the server.
Albinator Multiple Parameter File Inclusion is a vulnerability that allows an attacker to include a remote file on the web server. This vulnerability was discovered by VietMafia and r0t and was exploited by webDEViL w3bd3vil[at]gmail.com. The exploit uses a perl script to send a GET request to the vulnerable server with the path to the remote file and the command variable used in the php shell. The attacker can then execute arbitrary commands on the server.
This exploit is a proof of concept for a denial of service vulnerability in Golden FTP Server Pro 2.70. It uses the APPE command to send a string of 1000 characters to the server, causing it to crash. The exploit requires the host and port of the server to be specified, as well as optional username and password credentials.
MySql Anonymous Login Memory Leak is a vulnerability in MySql versions 5.0.20 and 4.1.x which allows an attacker to leak memory from the server. This exploit was discovered by Stefano Di Paola in 2006 and was published in a paper titled 'my_anon_db_leak.c'. The exploit is written in C and can be compiled with gcc. It can be used to send a malicious packet to the server and receive a response containing leaked memory.
MySql COM_TABLE_DUMP Memory Leak & MySql remote B0f exploit was discovered by Stefano Di Paola in 2006. It affects MySql versions <= 5.0.20 and <= 4.x.x. It allows an attacker to leak the content of MySql Server Memory and gain remote shell access. The exploit can be compiled with gcc and then executed with the command my_exploit [-H] [-i] [-t 0xtable-address] [-a 0xthread-address] [[-s socket]|[-h host][-p port]][-x].
This exploit is for Conky 1.8.0 on Linux. It was discovered by Arturo D'Elia on 12 Dec 2010. The exploit is a local DoS/PoC exploit which sends a DoS/PoC string to the conky configuration file. This causes the system to crash.
Fast Click <= 2.3.8 is vulnerable to a Remote File Inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute arbitrary code on the vulnerable system. This exploit was discovered and coded by R@1D3N (amin emami). The exploit requires the attacker to know the full path to the Fastclick application, the path to the command shell, and the command variable used in the PHP shell.
Services By CQR