This exploit allows an attacker to execute arbitrary code on a vulnerable server by including a file from a remote web server through a vulnerable SQuery application. The attacker can use this vulnerability to upload a malicious file and execute it on the server.
This exploit allows an attacker to execute arbitrary code on a vulnerable JBoss Application Server. The exploit works by sending a specially crafted HTTP request to the target server, which contains a malicious JSP file. The malicious JSP file contains code that will open a socket connection to the attacker's machine, allowing the attacker to execute arbitrary commands on the target server.
This exploit is a Buffer Overflow vulnerability found by AtT4CKxT3rR0r1ST(http://www.exploit-db.comexploits/16255/). It creates a folder and a file inside it with the name 'fil3.cda' which contains a shellcode that executes the calc.exe when opened with Magic Music Editor 8.12.2.11 on Windows XP SP3.
This exploit is based on work by stripey from back in the day. It is a remote exploit for Compaq Tru64 UNIX V5.0 (Rev. 910) (TruNastyWhore.localdomain). It uses a buffer overflow vulnerability to execute a shellcode of length 1024 bytes. The exploit sets the environment variable NLSPATH to the shellcode and then executes the edauth command with a heapgrow of length 30000 bytes.
This exploit is based on work by stripey from back in the day. It is a buffer overflow exploit for Compaq Tru64 UNIX V5.0. It sets the NLSPATH environment variable to a malicious payload and then executes the rdist command. The malicious payload contains a shellcode and a return address.
EzASPSite is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the administrator's username and password hash. The exploit requires the attacker to send a specially crafted HTTP request to the vulnerable server.
The vulnerability exists due to failure in the "/wp-content/plugins/comment-rating/comment-rating-options.php" script, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information. The vulnerability also exists due to failure in the "/wp-content/plugins/comment-rating/ck-processkarma.php" script to properly sanitize user-supplied input in "id" variable. Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.
Plogger <= Beta 2.1 is vulnerable to SQL injection in the 'id' GET parameter of the 'index.php' script. An attacker can exploit this vulnerability to gain administrative credentials.
This exploit is a proof-of-concept code for a buffer overflow vulnerability in the Line Printer Daemon (LPD) service. The vulnerability is triggered when a maliciously crafted print job is sent to the LPD service. The code sends a buffer of length 0x41 to the LPD service, which causes a buffer overflow and can lead to arbitrary code execution.
This exploit allows an attacker to execute arbitrary commands on the vulnerable server by exploiting a command injection vulnerability in Greymatter. The attacker can send a malicious HTTP request to the vulnerable server with a crafted command in the 'cmd' parameter of the URL. The attacker can then execute arbitrary commands on the vulnerable server.
Services By CQR