This exploit targets Scorp Book v1.0 and allows remote file inclusion.
The WordPress MiwoFTP Plugin 1.0.5 allows an attacker to download arbitrary files from the server by exploiting a vulnerability in the 'download' action of the 'com_miwoftp' component. By manipulating the 'item' parameter in the URL, an attacker can specify the file they want to download, such as the 'wp-config.php' file.
This exploit targets the Apache mod_rewrite vulnerability on Win32 systems. It allows an attacker to trigger a buffer overflow through the 'ldap://' parameter in the GET request. The vulnerability was discovered by Mark Dowd and assigned CVE-2006-3747. The exploit does not require any opcodes under Windows and directly runs the attacker's shellcode. The vulnerable Apache versions are 1.3 branch (>1.3.28 and <1.3.37), 2.0 branch (>2.0.46 and <2.0.59), and 2.2 branch (>2.2.0 and <2.2.3). Some compilers may add padding to the stack, making the resulting builds non-exploitable.
This exploit targets the Microsoft Windows XP Task Scheduler (.job) vulnerability, allowing for remote code execution.
OpenBSD <= 5.6 kernel panic()s in sys/uvm/uvm_map.c
This exploit allows an attacker to perform a remote SQL injection attack on SmodCMS version 2.10 or below. The vulnerability is located in the 'slownik_module_id' parameter. An attacker can execute arbitrary SQL queries, which can lead to unauthorized access to the database or manipulation of data.
This exploit allows an attacker to perform remote SQL injection on SmodBIP version 1.06. The vulnerability is present in the aktualnosci zoom module. By exploiting this vulnerability, an attacker can execute arbitrary SQL queries on the target server.
The 'sl_dal_searchlocation_cbf' AJAX function in the WordPress Ajax Store Locator plugin version 1.2 and below is affected by a SQL injection vulnerability. The 'StoreLocation' variable is not sanitized, allowing an attacker to inject malicious SQL queries.
Beryo version 2.0 contains a vulnerability that allows remote attackers to disclose files from the server. By manipulating the 'chemin' parameter in the 'downloadpic.php' script, an attacker can traverse the directory structure and access sensitive files such as the password file ('/etc/passwd'). The vulnerability can be exploited by sending a crafted request to the server with the appropriate path traversal sequence in the parameter value.
We can write a few assembly instructions to jump into the shellcode. At the time of the EIP overwrite, ECX points to our whole request (LIST evil), so jumping forward into ECX reaches our shellcode.