This exploit is a proof of concept for a remote buffer overflow vulnerability in a Perl IMAP server. The exploit takes advantage of a vulnerability in the server's handling of user credentials, allowing an attacker to execute arbitrary code on the server. The exploit uses a combination of a NOP sled, a return address overwrite, and a shellcode payload to achieve remote code execution. The shellcode used in the exploit is a modified version of the NGS Writing Small Shellcode by Dafydd Stuttard, with changes made to the bind port and added bytes to hide the cmd.exe window on the remote host.
This is proof-of-concept code for the MOAB-14-01-2007 vulnerability. The vulnerability is a buffer overflow in the ATPsndrsp function in the AppleTalk protocol implementation. By sending a specially crafted packet, an attacker can trigger a kernel panic and potentially execute arbitrary code.
This is the 3rd version of the vulnerability where a drag and drop event can be caused by clicking a specific link on a popup that points to 'The Better Browser' website. The exploit code is provided in the given HTML code.
The server does not correctly handle format strings, so sending a command like USER %1*3000 lets us own EDX. Other values can also affect EAX & ECX. This is only a POC, but code execution is possible.
Sending a long USER / PASS request to the server triggers the vulnerability. EAX and EDX are owned, leading to code execution. This is only a POC.
The vulnerabilities in Spyce can lead to information disclosure or client-side script execution. An attacker can execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, launch other attacks, and obtain a server's webroot path.
This module exploits a file upload vulnerability found in Simple E-Document versions 3.0 to 3.1. Attackers can bypass authentication and abuse the upload feature to upload malicious PHP files, which results in arbitrary remote code execution as the web server user. File uploads are disabled by default.
A SEH overflow occurs when a large amount of data is sent to the server.
This exploit takes advantage of a buffer overflow vulnerability in the CWD command of PCMAN FTP version 2.07. By sending a specially crafted string as the argument to the CWD command, an attacker can overwrite the function with junk characters, leading to remote code execution. The exploit includes a shellcode that binds a shell to port 4444.
This exploit takes advantage of a buffer overflow vulnerability in the ABOR command of PCMAN FTP 2.07. By sending a specially crafted payload, an attacker can overwrite the function pointer and gain control of the program. The exploit includes a bind shell on port 4444.