The SSID and Device name settings in the wireless configuration do not sanitize their input. The VPN Tunnel name is also vulnerable to persistent XSS.
This script is used to fix certain data in a CVSTrac database after it has been attacked. It connects to the database using the DBI and DBD::SQLite modules, and then iterates through various tables to fix any data that matches a specific pattern. The fixup function is used to check and modify the data if necessary. The script prints out the details of each adjustment it makes.
Bugzilla is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files within the context of the server. Information harvested may aid in launching further attacks.
Vim is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
This exploit takes advantage of the FTP server vulnerability in webfwlog version 0.92. By injecting code into the debug.php file, an attacker can read the contents of the conffile, which may contain sensitive information.
This module exploits a stack-based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKBCopyD.exe when handling specially crafted packets. This module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3.
This code allows gaining SYSTEM privileges with vulnerable printer providers. The vulnerable software includes DiskAccess NFS Client (dapcnfsd.dll v0.6.4.0; reported and not fixed, 0day), Citrix Metaframe (cpprov.dll; fixed), Novell (nwspool.dll; CVE-2006-5854, untested), and more undisclosed stuff. If the exploit does not work, it crashes the spooler service (spoolsv.exe). The workaround is to trust only the default printer providers 'Internet Print Provider' and 'LanMan Print Services' and delete the others.
The code is an example of a buffer overflow exploit in the XTerm application. The exploit uses shellcode to execute arbitrary commands with root privileges. The exploit takes advantage of a buffer overflow vulnerability in the xterm program to overwrite the return address and redirect the program execution to the shellcode.
The given Ruby script is an exploit that escalates privileges on a macOS system by exploiting a vulnerability in CrashReporter. The exploit involves creating a symlink to a known program crash log file, creating a program with a modified __LINKEDIT segment, running the fake program to crash and create a file at /var/cron/tabs/root, and then creating a legitimate crontab to refresh cron. By doing this, the exploit gains root access to the system.
This is a Perl port of the BrightStoreARCServer-11-5-4targets exploit. It allows remote attackers to execute arbitrary code on the target system. The exploit takes advantage of a vulnerability in BrightStore ARCserve Backup Server.