Sysax Multi SSH Server does not correctly handle the SSH_MSG_USERAUTH_REQUEST packet: a malformed "user name" length can lead to a denial of service (DoS).
PCMan's FTP Server v2.0 is vulnerable to a buffer overflow in the RENAME command. An attacker can send a specially crafted RENAME command with a long payload, causing the server to crash or potentially execute arbitrary code.
The SUNRAS plugin in Gimp v2.2.14 is vulnerable to a buffer overflow in the set_color_table function. This vulnerability can be exploited to execute arbitrary code.
This code snippet shows a bypass technique for Data Execution Prevention (DEP) using the msvcr71.dll library. It uses a ROP chain and a small shellcode to achieve the bypass.
PCMan's FTP Server version 2.0 is vulnerable to a buffer overflow in the GET command, which can allow remote code execution and result in a remote shell. It can be exploited by sending a specially crafted GET command with a large payload, which overflows the buffer and overwrites the return address. This exploit has been tested on Windows XP SP3.
This vulnerability allows an attacker to disclose files remotely using the feed-proxy.php script in ext 1.0 alpha1. By manipulating the 'feed' parameter in the URL, an attacker can access sensitive files on the server, such as /etc/passwd.
This exploit targets a buffer overflow vulnerability in the Pavuk Web Spider. The vulnerable code is in the function 'http_get_digest_auth_str', where an input string 'a2' is appended to a buffer 'auth_digest->nonce' without proper bounds checking. This allows an attacker to overwrite the saved EIP and potentially execute malicious code. The exploit takes advantage of this vulnerability to craft a malicious response that includes the username, realm, nonce, uri, and a calculated response.
This Perl script will successfully exploit any unpatched Apache 2.x server.
The programmable interrupt timer (PIT) controller in QEMU does not correctly validate the channel number when performing IO writes to the device controller, allowing both an information disclosure and a heap overflow within the context of the host. Depending on the layout of the data beyond the heap allocation, this vulnerability can set various bytes just beyond the heap allocation to non-attacker-controlled values (mainly zero), as well as leak various bytes from beyond the heap allocation back to the guest.
The file.php script in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.