This module exploits a file upload vulnerability found in Simple E-Document versions 3.0 to 3.1. Attackers can bypass authentication and abuse the upload feature to upload malicious PHP files, resulting in arbitrary remote code execution as the web server user. File uploads are disabled by default.
An SEH overflow occurs when a large amount of data is sent to the server.
This exploit takes advantage of a buffer overflow vulnerability in the CWD command of PCMAN FTP version 2.07. By sending a specially crafted string as the argument to the CWD command, an attacker can overwrite the function with junk characters, leading to remote code execution. The exploit includes shellcode that binds a shell to port 4444.
This exploit takes advantage of a buffer overflow vulnerability in the ABOR command of PCMAN FTP 2.07. By sending a specially crafted payload, an attacker can overwrite the function pointer and gain control of the program. The exploit includes a bind shell on port 4444.
This exploit allows an attacker to retrieve the admin credentials from the JV2 Folder Gallery script. By sending a specially crafted GET request to the 'download.php' file, the attacker can download the 'gallerysetup.php' file which contains the admin credentials.
This exploit allows an attacker to execute arbitrary commands or retrieve the MD5 hash of a certain user on a ThWboard <=3.0 beta 2.84-php5 board. The vulnerability is caused by insufficient input validation in the 'styleid' parameter. An attacker can exploit this vulnerability by sending a specially crafted request to the target server.
The FdWeB Espace Membre <= 2.01 script is vulnerable to remote file inclusion. The vulnerability allows an attacker to include a remote file by manipulating the 'path' parameter in the 'admin_menu.php' file.
This PoC demonstrates a stack-based buffer overflow vulnerability in Oracle Outside In MDB File Parsing. By providing a specially crafted MDB file, an attacker can exploit this vulnerability to execute arbitrary code or crash the application. The vulnerability is tracked as CVE-2013-5791. The PoC author is Citadelo.
This exploit allows an attacker to perform blind SQL injection on DigiAffiliate version 1.4. By injecting a specially crafted SQL query, the attacker can retrieve sensitive information such as login credentials and personal details of the admin user.
The vulnerability exists in the 'common.php' file of Poplar Gedcom Viewer v2.0. By manipulating the 'env[rootPath]' parameter, an attacker can execute arbitrary code on the server.