The Mosh application is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue by sending specific input to the affected application, causing it to crash or enter an endless loop. This denial-of-service attack can result in a denial of service for legitimate users of the application.
This exploit targets a vulnerability in ProFTPD version 1.3.0 and 1.3.0a. The vulnerability is present in the mod_ctrls module and can be exploited locally. By exploiting this vulnerability, an attacker can execute arbitrary code with elevated privileges. The exploit uses the exec-shield technique to bypass security measures.
This exploit targets a format string bug in the OpenFTPD software. The exploit allows for remote code execution by hijacking the jumpslot for fclose() and using the retaddr from argv[3] to execute arbitrary code. The shellcode is passed through the 'site msg' command, specifically the 'site msg read X' command, where X is the shellcode. This exploit has been tested on the most current version of OpenFTPD.
When doing the ssh dh group exchange old style, if the server sends a malformed dh group exchange reply, it can lead the putty to crash.
The QDBlog v0.4 application is vulnerable to SQL Injection and Local File Inclusion attacks. The SQL Injection vulnerability allows an attacker to bypass the admin access authentication and gain unauthorized access to the administration panel. The Local File Inclusion vulnerability allows an attacker to include arbitrary local files, potentially leading to remote code execution or information disclosure.
SFTP module for FileZilla, based on Putty's PSFTP component, is vulnerable to a denial of service attack. When performing the SSH DH group exchange old style, if the server sends a malformed DH group exchange reply, it can cause the FileZilla component to crash.
This exploit takes advantage of a stack overflow vulnerability in the NCTAudioFile2.AudioFile ActiveX component in Internet Explorer. By visiting a malicious webpage, an attacker can trigger the stack overflow and execute arbitrary code.
The exploit allows an attacker to overwrite the Structured Exception Handler (SEH) of the VCDGear v3.56 software, potentially leading to arbitrary code execution.
This exploit creates a malicious .m3u file that causes a local crash in foobar2000 version 1.3.8 on Windows XP SP3 KOR. The file contains a long URL string which triggers the crash when opened in the software.
This module exploits the SITE CPFR/CPTO commands in ProFTPD version 1.3.5. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by default runs under the privileges of the 'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website directory, PHP remote code execution is made possible.
Services By CQR