The vulnerability allows an attacker to include a remote file in the 'includes.php' file of the Bradabra v2.0.5 script. By manipulating the 'include_path' parameter, an attacker can include a malicious file from a remote server, potentially leading to remote code execution.
The vulnerability exists in the include/config.inc.php file of PhpSherpa. The code includes a file called connect.inc.php using a variable called $racine. An attacker can exploit this vulnerability by manipulating the racine parameter in the URL to execute arbitrary code.
This exploit is a JavaScript code that creates an iframe with a source URL that starts with 'ftps://' followed by a string of 408 'A' characters and 'ABCD'. It appends the iframe to a hidden div element with the id 'testbox'. When the 'Test MOAB-19-01-2007' button is clicked, the payload size is displayed in an alert and the iframe is loaded.
This exploit demonstrates a code injection vulnerability that occurs during redirection. The attacker injects malicious code into the page using various scripts and then redirects the user to a different URL. The injected code loads a shell script from a remote server and executes it on the user's system.
This is a proof-of-concept exploit for a buffer overflow vulnerability in Microsoft Help Workshop v4.03.0002. The vulnerability allows an attacker to execute arbitrary code by creating a specially crafted .HPJ project file. The exploit code spawns a process of notepad.exe and contains hardcoded offsets and API pointers to perform the exploit.
This is a Proof of Concept stack based exploit that demonstrates remote code execution on the ipw2200 driver. It executes a beep user space shellcode. It only works on XP SP2 ITA and it was only tested with version 8.0.12.20000 of the IPW2200BG driver.
This module abuses the kxClientDownload.ocx ActiveX control distributed with WellingTech KingScada. The ProjectURL property can be abused to download and load arbitrary DLLs from arbitrary locations, leading to arbitrary code execution, because of a dangerous usage of LoadLibrary. Due to the nature of the vulnerability, this module will work only when Protected Mode is not present or not enabled.
This is a local root exploit for Android 4.2.2 and 4.4, targeting unpatched kernels up to version 3.4.5. The exploit requires manual customization of addresses for the target board. It was created by Piotr Szerman in 2013.
This script demonstrates a heap buffer overflow vulnerability in the FTP LIST command. It sends a payload of 251 bytes followed by specific values to trigger the overflow. This vulnerability allows an attacker to potentially execute arbitrary code or crash the FTP server.
An attacker can exploit this issue through other applications such as PHP to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Services By CQR