This exploit allows an attacker to execute arbitrary code on a vulnerable Gravity Board X v1.1 (possibly prior versions) installation. The vulnerability is due to insufficient sanitization of user-supplied input in the 'csscontent' parameter of the 'editcss.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request containing arbitrary commands to the vulnerable script. The commands will be executed with the privileges of the web server process.
The Windows Media Player plug-in for non-Microsoft browsers (Firefox, Opera, etc.) suffers from an exploitable overflow in its handling of EMBED tags. Specifically, a very long SRC property on such a tag can lead to an overflow that will corrupt a structured exception handling frame. The SEH frame is the vector of control that is exploited. DEP is turned off for non-Microsoft code, so there's no issue there. The overrun buffer (the SRC attribute) is seriously mangled before it is handled by the plug-in. In particular, any character with the sign bit set (> 0x7F) is replaced.
This exploit is used to gain access to the passwords of all users in the webspell 4.01 application. It uses a SQL injection vulnerability to gain access to the database and extract the passwords.
This exploit is a proof of concept for a denial of service attack against a D-Link wireless access point. It sends three fragmented UDP packets to the target, which can cause the device to crash.
This exploit allows an attacker to register multiple users on Invision Power Board (IPB) forums, resulting in a denial of service. It does not work on forums using 'Code Confirmation'.
This exploit targets a remote format string vulnerability in Power Daemon v2.0.2 that allows an attacker to execute arbitrary code on the target system. The exploit uses a maliciously crafted string to overwrite the return address of the stack frame with the address of the shellcode. The shellcode then binds a shell to a port on the target system.
RunCMS versions <= 1.2 are vulnerable to arbitrary remote file inclusion in modules/newbb_plus/class/class.forumposts.php and modules/newbb_plus/class/forumpollrenderer.php. The exploit can be triggered by sending a crafted URL to the target. Versions <= 1.3a are vulnerable to shell upload through FCKEditor, which can be used to upload a malicious shell and execute it.
This exploit is used to cause a denial of service on a Half-Life engine server. It works by opening a socket connection to the server on port 27015 and sending a 'getchallenge' command followed by a 'connect' command with a specific key. This causes the server to crash.
This exploit combines two vulnerabilities (CVE-2004-0950 and CVE-2004-0951) to gain root access on a default QNX 6.3.0 install. The exploit first checks if the file /etc/rc.d/rc.local is writable, and if it is, it creates a C program in /tmp/moo.c, compiles it, and adds a command to /etc/rc.d/rc.local to set the root UID and run a shell. The exploit then crashes the system and uses GDB to gain root access.
CPGNuke Dragonfly 9.0.6.1 is vulnerable to remote command execution through arbitrary local file inclusion. The vulnerability is in the install.php file, which is not deleted after the Dragonfly installation; lines 33-49 of that file are vulnerable to an arbitrary local file inclusion attack. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious file path in the newlang parameter. This allows the attacker to execute arbitrary commands on the vulnerable system.