This script is a perl exploit for the Mercury Mail Transport System. It exploits a remote buffer overflow vulnerability to execute arbitrary code on the target system. The vulnerability exists in the handling of the -o command line option. By providing a long argument to this option, an attacker can overflow a buffer and overwrite the return address, leading to remote code execution. The exploit supports multiple versions of Windows, including Windows 2000 SP4 and Windows XP SP1.
The Gazette Edition for Wordpress is prone to multiple security vulnerabilities. These vulnerabilities include multiple denial-of-service vulnerabilities, a cross-site scripting vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, gain access to sensitive information, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible.
The Spellchecker plugin for WordPress is prone to a local file-include vulnerability and a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process or obtain potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible.
The MIT Kerberos kadmind service is prone to a remote code-execution vulnerability. An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges. Failed attempts will cause the affected application to crash, denying service to legitimate users. A successful exploit will completely compromise affected computers.
The eForum application fails to properly sanitize user-supplied input, allowing an attacker to upload arbitrary code and execute it within the context of the webserver process.
The Etki Video Pro application is prone to multiple SQL-injection vulnerabilities due to improper input sanitization before using it in an SQL query. These vulnerabilities can be exploited by attackers to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Etki Video Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The Linux kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause an out-of-memory condition, denying service to legitimate users.
This exploit allows remote attackers to include arbitrary files via a URL in the sbp parameter to (1) image_upload.php or (2) file_upload.php in components/com_joomlaboard/.
The ICS FTP server component is vulnerable to a denial of service attack. The exploit sends a non-null-terminated string to the target IP address, causing the server to crash or become unresponsive.
Services By CQR