header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

RESOLV_HOST_CONF Command Injection

The RESOLV_HOST_CONF environment variable is vulnerable to command injection. An attacker can set the variable to a malicious command, which will be executed when the system tries to resolve a hostname. In this example, the attacker sets the variable to /etc/shadow; ping adfas, causing the system to ping the host adfas after reading the /etc/shadow file.

Dexter (CasinoLoader) SQL Injection

This module exploits a vulnerability found in the command and control panel used to control Dexter (Point of Sale malware). This is done by accessing the PHP page used by bots to report in (gateway.php) which does not sanitize input. Input is encrypted and encoded, but the key is supplied by the bot connecting. The 'page' parameter is used in this case. The command and control panel designates a location to upload files, and can be used as a reliable location to write a PHP shell. Authentication is not needed to exploit this vulnerability.

Pre Authentication Buffer Overflow in Eudora Qualcomm WorldMail 9.0.333.0 IMAPd Service

Pre Authentication Buffer Overflow in Eudora Qualcomm WorldMail 9.0.333.0 IMAPd Service. The SEH gets overwritten at 749 bytes when using the UID command. Only 79 bytes left after SEH, so the shellcode was placed before SEH and a backward jump is used after SEH to execute the shellcode. Shellcode used is shell_bind_tcp LPORT*4444 EXITFUNC*seh, with bad characters 0x00 and 0x7b.

HP Data Protector EXEC_BAR Remote Command Execution

The omniinet service in HP Data Protector is vulnerable to remote command execution. By sending a malicious EXEC_BAR packet, an attacker can force the service to run arbitrary commands on the target system. This can lead to complete compromise of the remote host. The vulnerability can be exploited by sending two specific arguments to the omniinet service. The exploit creates a new Windows account and adds it to the local Administrators group.

Shared Region Map File NP Local Privilege Escalation Vulnerability

This exploit takes advantage of a vulnerability in the shared_region_map_file_np function in Mac OS X. By opening the libSystem.dylib file and calling the shared_region_map_file_np syscall with a specific address, an attacker can escalate their privileges to gain root access.

MOAB-20-01-2007

The exploit is a code injection vulnerability that allows an attacker to execute arbitrary code by manipulating the 'roomname' parameter in the 'aim:gochat' URL scheme. The code uses a loop to create a string of 'A%n' characters and then appends it to the 'aim:gochat?roomname=' prefix. When the 'window.location' is set to this string, the code injection occurs.

Recent Exploits: