This is a local Proof of Concept (PoC) exploit for AIM version 5.5.3595. It exploits a buffer overflow vulnerability in the AIM software and allows an attacker to execute arbitrary code on the target system. The exploit creates a bindshell on port 1180 and can be triggered by supplying a command-line argument. If no argument is provided, it prints the URL. This exploit is NT universal, meaning it can be used on Windows NT-based systems.
This vulnerability allows an attacker to include local files on the server by manipulating the 'lang' parameter in the 'index.php' file. By using a relative path traversal technique, an attacker can access sensitive files such as the '/etc/passwd' file. This vulnerability affects all files within the MolyX BOARD 2.5.0 web application.
Extra User Details plugin for WordPress suffers from a Privilege Escalation vulnerability. The plugin hooks the eud_update_ExtraFields function to profile_update WordPress action. This function doesn't properly check user capabilities and updates all meta information passed to post data. An attacker can exploit this misbehavior to gain administrative privileges.
There needs to be an mp4 file with these nested atoms to trigger the bug: moov -> trak -> mdia -> hdlr
When authenticated as an admin, an attacker can manipulate the URL to access arbitrary files on the server. By substituting the target IP, desired file path, and session-specific vid parameter, the attacker can bypass security controls and view sensitive files.
The vulnerability is caused by an out-of-bounds read from static memory in Wireshark. It can be triggered by feeding a malformed file to tshark.
The vulnerability exists in the 'template_csv.php' file of Libstats version 1.0.3 and earlier. It allows an attacker to include remote files by manipulating the 'rInfo[content]' parameter. An example exploit URL is provided.
Allows an attacker to gain admin privileges.
This vulnerability allows remote attackers to include arbitrary files via a crafted request to the Base/Application.php, Widgets/Base/Footer.php, Widgets/Base/widget.BifContainer.php, Widgets/Base/widget.BifRoot.php, Widgets/Base/widget.BifRoot2.php, Widgets/Base/widget.BifRoot3.php, or Widgets/Base/widget.BifWarning.php script.
The vulnerability allows an attacker to include a remote file in the system's ImageImageMagick.php file. By manipulating the 'glConf[path_system]' parameter, an attacker can specify a malicious file hosted on a remote server to be executed on the target system.