This exploit allows an attacker to include arbitrary files by manipulating the NETTYPE variable in the lpstat command. By creating a malicious file and library, the attacker can execute arbitrary code as root.
phpSysInfo is prone to multiple input validation vulnerabilities, including cross-site scripting (XSS), HTTP response splitting, and arbitrary local file inclusion. These vulnerabilities are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to steal cookie-based authentication credentials, aid in phishing attacks, retrieve privileged or sensitive information, and perform other attacks.
Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment variables when tainting is ignored. An attacker can exploit this vulnerability to bypass security restrictions and include arbitrary library files.
The RealPlayer and RealOne Player applications are prone to a remote stack-based buffer-overflow vulnerability. This vulnerability occurs when parsing RM (Real Media) files, and can be exploited by a remote attacker to execute arbitrary code and gain unauthorized access. The exploit uses a seh overwrite method, which takes advantage of the SEH being placed in multiple locations over different OS's, making it universal. The exploit includes a bindshell on port 13579.
This is an exploit for Bifrost 1.2d that allows remote code execution. The exploit utilizes the RC4 encryption algorithm to encrypt the payload and then sends it to the vulnerable host. The payload contains a shellcode that executes the 'calc.exe' process.
The Bifrost 1.2.1 exploit is a buffer overflow vulnerability that allows an attacker to execute arbitrary code on a remote system. The vulnerability exists in the 'header' function, which is called when generating the header for a Bifrost connection. By sending a specially crafted request, an attacker can overwrite the return address of the function and gain control of the execution flow. This exploit uses a combination of techniques, including RC4 encryption and shellcode injection, to bypass security measures and achieve remote code execution.
Attackers can modify a text file to include local variables containing shell commands in an 'eval' statement, leading to the execution of arbitrary commands.
An attacker can inject arbitrary script code in the browser of an unsuspecting user by exploiting a failure in input sanitization in Antville. This can lead to the theft of authentication credentials and other attacks.
File Transfer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access arbitrary files outside of the application's root directory. This can expose sensitive information that could help the attacker launch further attacks.
This exploit allows an attacker to execute remote code on a phpBP RC3 (2.204) server. The vulnerability is caused by a SQL injection and command injection vulnerability in the phpBP script. To successfully exploit this vulnerability, the attacker needs to have an admin session.