This is a PoC (ASLR/DEP bypass). For the ASLR bypass, jrsysCrypt.dll is used, which doesn't make use of ASLR. For the DEP bypass, a ROP chain is used which calls ZwProtectVirtualMemory through fastsyscall. This script looks for a tEXt chunk in a PNG file and replaces this chunk with two other tEXt chunks. The first of them triggers the vulnerability and the second one contains a ROP chain and shellcode.
The aMSN application is prone to a remote denial-of-service vulnerability. A successful exploit of this issue allows remote attackers to crash the affected application, denying service to legitimate users.
This is a proof-of-concept exploit for a remote root vulnerability in eXtremail version 2.1.1. The vulnerability is caused by a DNS parsing bug. By sending a specially crafted DNS packet, an attacker can gain remote root access to the system. The exploit has been tested on eXtremail versions 2.1.0 and 2.1.1 for Linux.
Attackers can inject arbitrary headers through a URL in PHP, leading to potential cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks.
A successful exploit will cause the application to enter emergency mode in which URLs are not blocked, resulting in a denial-of-service condition.
This is a buffer overflow exploit for Winamp Media Player version 5.3. It allows an attacker to cause a denial of service (DoS) by creating a specially crafted WMV file that triggers the overflow.
The CreaDirectory v1.2 script is vulnerable to remote SQL injection. An attacker can exploit this vulnerability to execute arbitrary SQL commands and retrieve sensitive information from the database. The vulnerability exists in the 'error.asp' page, where the 'id' parameter is not properly sanitized before being used in a SQL query.
This exploit allows remote code execution in Internet Download Manager through OLE Automation Array. It affects all versions of IDM and has been tested on Windows 7 and Server 2008.
Versions of the Joomla! plugin Helpdesk Pro prior to 1.4.0 are vulnerable to multiple exploits, including direct object references, XSS, SQL injection, local file disclosure/path traversal, and file upload vulnerabilities. These vulnerabilities allow an attacker to read other users' support tickets, execute malicious scripts, manipulate the database, and disclose local files on the server. The vulnerabilities have been assigned the following CVEs: CVE-2015-4071 (Direct Object References), CVE-2015-4072 (Multiple XSS), CVE-2015-4073 (SQL Injection), CVE-2015-4074 (Local file disclosure/Path traversal), and CVE-2015-4075 (File Upload).
The script causes a denial of service (DoS) by sending multiple requests to the target host. It exploits a vulnerability in the Image Transfer IOS application.