This exploit targets a vulnerability in the PhP Generic library & framework where an attacker can include remote files using the 'include_path' parameter. By manipulating the 'include_path' parameter, an attacker can execute malicious code on the target system.
This vulnerability allows an attacker to perform blind SQL injection in the xNews.php file of the xNews 1.3 application. By manipulating the 'id' parameter in the URL, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database.
This exploit allows an attacker to include a remote file in the 'menu.php' script of Foro Domus v2.10. By manipulating the 'sesion_idioma' parameter, an attacker can execute arbitrary commands on the server.
This exploit targets EclipseBB 0.5.0 Lite script and takes advantage of a remote file inclusion vulnerability in the 'functions.php' file. By manipulating the 'phpbb_root_path' parameter in the 'functions.php' file, an attacker can include and execute arbitrary remote files.
This exploit allows remote code execution by exploiting a buffer overflow vulnerability in GetGo Download Manager. It overwrites the SEH (Structured Exception Handler) to bypass SafeSEH protection and execute the shellcode.
The product "InterScan VirusWall 3.81 for Linux" ships a library called "libvsapi.so" which is vulnerable to a memory corruption vulnerability. One of the applications that apparently uses this library is called "vscan" which is set suid root by default. It was discovered that this supporting program is prone to a classic buffer overflow vulnerability when a particularly long command-line argument is being passed and the application utilizes the flawed library to attempt to copy that data into a finite buffer. As vscan is set suid root, this leads to arbitrary code execution with root level privileges.
BlazeVideo HDTV Player is prone to a stack-based buffer-overflow vulnerability because the application fails to handle malformed playlist files. An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.
The vulnerability allows an attacker to include a remote file in the 'lib_head.php' file, which can lead to remote code execution.
The exploit overwrites the UnhandledExceptionFilter in Windows 2000 SP0 with the address of call dword ptr [esi +4C] located in user32.dll. At the time when UEF is called esi +4C contains a pointer to the shellcode. The exploit opens a shell on TCP port 4444.
The chernobiLe Portal 1.0 (default.asp) is vulnerable to remote SQL injection. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the target system.
Services By CQR