Explore Vulnerabilities

Explore all Exploits:

Tincd Post-Authentication Remote TCP Stack Buffer Overflow

This module exploits a stack buffer overflow in Tinc's tincd service. After authentication, a specially crafted TCP packet (default port 655) triggers a buffer overflow and allows arbitrary code execution. This module has been tested with tinc-1.1pre6 on Windows XP (custom calc payload) and Windows 7 (windows/meterpreter/reverse_tcp), and tinc version 1.0.19 from the ports of FreeBSD 9.1-RELEASE # 0 and various other OS; see targets. The exploit probably works for all versions <= 1.1pre6. A manually compiled version (1.1.pre6) on Ubuntu 12.10 with gcc 4.7.2 seems to produce a non-exploitable crash due to calls to __memcpy_chk, depending on how tincd was compiled. The bug was fixed in version 1.0.21/1.1pre7. While writing this module, it was recommended to the maintainer to start using DEP/ASLR and other protection mechanisms.

Exploiting Microsoft DNS Dynamic Updates for Fun and profit

This exploit takes advantage of the weak configuration of Microsoft DNS servers integrated with Active Directory, which allows remote users to create, change, and delete DNS records. The exploit can be used for MITM attacks, denial of service, and pharming. It allows remote users to modify DNS records and potentially deploy custom binaries to client machines.

Air Contacts Lite Denial-of-Service Vulnerability

The Air Contacts Lite application is vulnerable to a denial-of-service attack. An attacker can exploit this vulnerability by sending a crafted request to the application, causing it to crash and result in a denial-of-service condition.

Cross-Site Scripting in Lazyest Gallery WordPress Plugin

The Lazyest Gallery WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Cross-Domain Scripting Vulnerability in WebKit

The WebKit browser engine fails to enforce the same-origin policy, allowing attackers to send the content of arbitrary files from the user's system to a remote server controlled by them. This can result in the disclosure of potentially sensitive information and aid in further attacks.

QuickTime Player v 7.5.x (m3u) Stack Buffer Overflow

Apple QuickTime is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Cross-Site Scripting Vulnerability in RuubikCMS

RuubikCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

1 Flash Gallery SQL Injection and Cross-Site Scripting Vulnerabilities

The vulnerabilities in 1 Flash Gallery allow an attacker to execute SQL commands and inject malicious scripts. These exploits can lead to the theft of authentication credentials, data compromise, application compromise, and exploitation of underlying database vulnerabilities.

Portail PHP v20 (index.php) Remote SQL Injection Exploit

This exploit allows an attacker to perform a remote SQL injection attack on the Portail PHP v20 index.php file. The script prompts the user to select a language and then asks for the victim's website URL, path, and user ID. It then attempts to connect to the website and perform the SQL injection attack to retrieve user information, specifically the hashed password. If successful, it displays the user ID and hashed password. If unsuccessful, it displays an error message.

Cross-Site Scripting Vulnerability in PhotoSmash Galleries WordPress Plugin

The PhotoSmash Galleries WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Recent Exploits: