This exploit is a buffer overflow vulnerability in Enet, a UDP networking library. The vulnerability is caused by a lack of bounds checking when receiving data from a remote host. This can allow an attacker to send malicious data that can overwrite the program's memory, potentially leading to code execution.
D2-Shoutbox 4.2 is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as passwords and other confidential data.
LibTIFF is vulnerable to a buffer overflow vulnerability due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted TIFF file to the vulnerable application, which can lead to arbitrary code execution. This exploit was tested on LibTIFF 3.7.1 and coded by Agustin Gianni and Samelat. It can also be used as a remote exploit.
Fantastic News v2.1.2 (and possibly below) is vulnerable to Remote Command Execution. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable application. This vulnerability can be exploited by an unauthenticated attacker.
Various routers, particularly Netgear and Linksys routers, are vulnerable to an IRC-only DoS attack. If a client behind one of the vulnerable routers connects to an IRC server on port 6667 (and only 6667, does not DoS with other ports) and a user posts the string 'DCC SEND anylongrandomstringhere' in either a channel, private message, ctcp, notice, etc., the router will drop the connection. The routers that are vulnerable to this are running vxworks as their embedded OS. Older linux Linksys routers appear to be immune.
A SQL injection vulnerability exists in TotalECommerce, which allows an attacker to execute arbitrary SQL commands on the vulnerable system. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.
This exploit allows an attacker to execute arbitrary commands on a vulnerable server running PHP-Stats <= 0.1.9.1. The vulnerability exists due to the lack of input validation in the 'admin_pass' parameter, which can be overwritten by an attacker. This allows an attacker to execute arbitrary commands on the vulnerable server.
This exploit allows an attacker to execute arbitrary commands on a vulnerable server running phpRPC version 0.7 or lower. The attacker can send a malicious XML request to the server, which will then execute the command and return the output.
Limbo CMS version 1.0.4.2 and prior are vulnerable to a remote code execution vulnerability. The vulnerability is due to the application not properly sanitizing user-supplied input passed via the 'ItemID' parameter to the 'index.php' script. This can be exploited to execute arbitrary commands on the affected system with the privileges of the webserver process.
ProtoVer NFS testsuite 1.0 uncovered remote kernel panic vulnerability in FreeBSD 6.0 kernel.
Services By CQR