This exploit allows an attacker to perform SQL injection in the gallery.php file of webSPELL v4.01.02. By manipulating the parameters, the attacker can retrieve the password from the user table.
This vulnerability is caused by a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long mode field (more than 460 bytes).
The RESOLV_HOST_CONF environment variable is vulnerable to command injection. An attacker can set the variable to a malicious command, which will be executed when the system tries to resolve a hostname. In this example, the attacker sets the variable to /etc/shadow; ping adfas, causing the system to ping the host adfas after reading the /etc/shadow file.
This module exploits a vulnerability found in the command and control panel used to control Dexter (Point of Sale malware). This is done by accessing the PHP page used by bots to report in (gateway.php), which does not sanitize input. Input is encrypted and encoded, but the key is supplied by the connecting bot. The 'page' parameter is used in this case. The command and control panel designates a location to upload files, which can be used as a reliable location to write a PHP shell. Authentication is not needed to exploit this vulnerability.
Pre-authentication buffer overflow in the Eudora Qualcomm WorldMail 9.0.333.0 IMAPd service. The SEH gets overwritten at 749 bytes when using the UID command. Only 79 bytes are left after SEH, so the shellcode was placed before SEH and a backward jump is used after SEH to execute the shellcode. Shellcode used is shell_bind_tcp LPORT=4444 EXITFUNC=seh, with bad characters 0x00 and 0x7b.
The webchat application is vulnerable to a file include vulnerability. An attacker can exploit this vulnerability by manipulating the WEBCHATPATH parameter in the defines.php file. This can lead to remote code execution or information disclosure.
The omniinet service in HP Data Protector is vulnerable to remote command execution. By sending a malicious EXEC_BAR packet, an attacker can force the service to run arbitrary commands on the target system. This can lead to complete compromise of the remote host. The vulnerability can be exploited by sending two specific arguments to the omniinet service. The exploit creates a new Windows account and adds it to the local Administrators group.
This exploit allows an attacker to execute arbitrary SQL queries in the Dexter (CasinoLoader) Panel. By manipulating the 'page' parameter, an attacker can inject SQL code to retrieve sensitive information from the database.
This exploit takes advantage of a vulnerability in the shared_region_map_file_np function in Mac OS X. By opening the libSystem.dylib file and calling the shared_region_map_file_np syscall with a specific address, an attacker can escalate their privileges to gain root access.
This exploit targets a code injection vulnerability that allows an attacker to execute arbitrary code by manipulating the 'roomname' parameter in the 'aim:gochat' URL scheme. The code uses a loop to create a string of 'A%n' characters and then appends it to the 'aim:gochat?roomname=' prefix. When 'window.location' is set to this string, the code injection occurs.