The "Adobe Active File Monitor V8" service is installed with an improper security descriptor. A malicious member of the Users group (which on Windows XP means a "limited account") can stop the service, invoke the "sc config" command to replace the binary path with a value of their choice, and then restart the service to run the command with SYSTEM privileges.
This script allows an attacker to spawn a bash-style shell with the webserver UID. It is currently under development and is not fully functional.
This is a proof of concept exploit for a remote code execution vulnerability in MySQL versions 3.23.x and 4.0.x. The exploit uses the jmp *eax technique. The exploit was discovered by bkbll (bkbll cnhonker.net, bkbll tom.com) on September 12, 2003. The exploit allows an attacker to execute arbitrary code on a vulnerable MySQL server. It is advised not to distribute this exploit.
An attacker can create a user and host on the target system by exploiting the vulnerability in the admin/hosting/addsubsite.asp page.
This exploit is a Denial of Service (DoS) attack that targets the HTTP protocol. It sends a specially crafted GET request that causes the server to consume excessive resources and become unresponsive.
This exploit is a brute force attack on the DMhpux FTPd REST bug. It sends false login credentials and then attempts to brute force the REST command with a range of values.
This exploit code is for a buffer overflow vulnerability in GlobalScape Secure FTP Server. The code is written in Python and is designed to overwrite the EIP (Extended Instruction Pointer) register. It sends a malicious buffer to the server and then connects to port 4444 on the victim machine. This code can be used to gain unauthorized access to the victim machine.
This vulnerability allows an attacker to execute SQL queries on the database without the need for authentication. By injecting malicious SQL code into the 'user_id' parameter, an attacker can retrieve sensitive information from the database.
This code is a setuid ARPUS/ce exploit that can be used to escalate privileges on a system. It overwrites the /etc/ld.so.preload file, which can severely impact the system. The exploit takes advantage of a vulnerability in the ce program, which drops privileges under certain conditions. By exporting a faulty display, the program does not drop privileges, allowing the attacker to gain root access.
This exploit overwrites the thr_jmp_table in ESRI ArcGIS 9.x, allowing for local root privilege escalation. The exploit has been tested on Solaris 10.