This script is a proof of concept for the MOAB-17-01-2007 vulnerability. It sends a malicious payload to a target path, causing memory corruption. The payload consists of repeated 'X' characters followed by a memory address. The script then creates a socket connection and writes the payload to the socket. The vulnerability was originally reported to Apple by Kevin Finisterre on 08/02/2006.
The vulnerability exists in the 'lang/index.php' file of the Oreon version 1.2.3-RC4 script. The issue is caused by the lack of proper input validation, allowing an attacker to include arbitrary files via the 'file' parameter in a GET request. This can lead to remote code execution.
This is a scripting example that demonstrates a vulnerability in MSOE (Microsoft Outlook Express). When a user clicks on the link provided in the HTML code, it executes a script that displays the innerHTML of the body element. This can be used by an attacker to extract sensitive information from the user's Outlook Express.
The exploit is a proof of concept for a buffer overflow vulnerability in Microsoft Help Workshop v4.03.0002. The overflow allows an attacker to execute arbitrary code. The vulnerability was discovered and the exploit was built by porkythepig.
Uberghey CMS 0.3.1 is vulnerable to remote code execution. The vulnerability exists in the 'frontpage.php' file, specifically on line 17, where it includes a file without proper input validation. An attacker can exploit this vulnerability by injecting a specially crafted file path in the 'setup_folder' parameter, leading to the execution of arbitrary code.
This script exploits a vulnerability in Woltlab Burning Board 2.3.6 and earlier versions. It allows an attacker to retrieve the username and password hashes of a specific user by injecting SQL code into the search functionality.
MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted queries. An attacker can exploit this issue to crash the application, denying access to legitimate users. NOTE: An attacker must be able to execute arbitrary SELECT statements against the database to exploit this issue. This may be done through legitimate means or by exploiting other latent SQL-injection vulnerabilities.
This exploit is for Woltlab Burning Board 2.X/Lite search.php. It allows an attacker to inject SQL queries into the search.php script, potentially gaining unauthorized access to the database.
This module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java code. This module has been tested successfully in Struts 2.3.16, Tomcat 7 and Ubuntu 10.04.
The vulnerability allows remote attackers to obtain sensitive information via a crafted searchstring parameter to search.php. The vulnerability is present in Woltlab Burning Board Lite version 1.0.2 and Woltlab Burning Board version 2.3.6.