This code gains SYSTEM privileges through vulnerable printer providers. The vulnerable software includes DiskAccess NFS Client (dapcnfsd.dll v0.6.4.0; reported and not fixed, 0day!!!), Citrix Metaframe (cpprov.dll; fixed), Novell (nwspool.dll; CVE-2006-5854, untested), and more undisclosed stuff. If the exploit does not work, it crashes the spooler service (spoolsv.exe). The workaround is to trust only the default printer providers, 'Internet Print Provider' and 'LanMan Print Services', and delete the others.
The code is a buffer overflow exploit for the XTerm application. It takes advantage of a buffer overflow vulnerability in the xterm program to overwrite the return address and redirect program execution to shellcode, which executes arbitrary commands with root privileges.
The given Ruby script is an exploit that escalates privileges on a macOS system by exploiting a vulnerability in CrashReporter. The exploit involves creating a symlink to a known program crash log file, creating a program with a modified __LINKEDIT segment, running the fake program to crash and create a file at /var/cron/tabs/root, and then creating a legitimate crontab to refresh cron. By doing this, the exploit gains root access to the system.
This is a Perl port of the BrightStoreARCServer-11-5-4targets exploit. It allows remote attackers to execute arbitrary code on the target system. The exploit takes advantage of a vulnerability in BrightStore ARCserve Backup Server.
This exploit targets a vulnerability in the PhP Generic library & framework where an attacker can include remote files using the 'include_path' parameter. By manipulating the 'include_path' parameter, an attacker can execute malicious code on the target system.
This vulnerability allows an attacker to perform blind SQL injection in the xNews.php file of the xNews 1.3 application. By manipulating the 'id' parameter in the URL, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database.
This exploit allows an attacker to include a remote file in the 'menu.php' script of Foro Domus v2.10. By manipulating the 'sesion_idioma' parameter, an attacker can execute arbitrary commands on the server.
This exploit targets the EclipseBB 0.5.0 Lite script and takes advantage of a remote file inclusion vulnerability in the 'functions.php' file. By manipulating the 'phpbb_root_path' parameter in the 'functions.php' file, an attacker can include and execute arbitrary remote files.
This exploit allows remote code execution by exploiting a buffer overflow vulnerability in GetGo Download Manager. It overwrites the SEH (Structured Exception Handler) to bypass SafeSEH protection and execute the shellcode.
The product "InterScan VirusWall 3.81 for Linux" ships a library called "libvsapi.so" which contains a memory corruption vulnerability. One of the applications that apparently uses this library is called "vscan", which is set suid root by default. It was discovered that this supporting program is prone to a classic buffer overflow when a particularly long command-line argument is passed and the application uses the flawed library to attempt to copy that data into a finite buffer. As vscan is set suid root, this leads to arbitrary code execution with root-level privileges.