This package contains an exploit for Ettercap-NG. The exploit is not described in detail and the code is provided without any explanation. It has been tested on Ettercap-NG v 0.7.3 on FreeBSD 6.1 and Slackware 10.1.
Wordpress Plugin 'WP Mobile Edition' is not filtering data so we can get the configuration file in the path <site.com/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php>
Proof of concept exploit for a stack (and heap) based overflow in airodump-ng. The vulnerability can be exploited by transmitting specially crafted 802.11 packets to execute arbitrary code on machines within range sniffing with a vulnerable version of airodump-ng.
The Request It : Song Request System version 1.0b is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a remote file using the 'id' parameter in the URL.
This exploit allows an attacker to include a remote file by manipulating the 'cfg_file' parameter in the 'autoindex.php' script of Expow 0.8 File Manager. By providing a remote file URL in the 'cfg_file' parameter, the attacker can execute arbitrary code on the target system.
The mailout.php file in E107 (v0.7.8) allows an attacker to run any command of their choosing on the system by changing the $mailer parameter passed to a subsequent popen() call when sending a test email.
This is a remote exploit for OpenFTPD version <= 0.30.2. It exploits a format string bug in the message system. The vulnerability was rediscovered by a VOID.AT. The exploit allows attackers to execute arbitrary code on the target system.
The ZTE AC 3633R USB Modem is vulnerable to an authentication bypass vulnerability, allowing an attacker to gain administrative access. It is also vulnerable to a denial of service vulnerability, causing the modem to crash and reboot. This crash may lead to remote code execution and root privilege on the device.
JDownloader 2 Beta is vulnerable to a directory traversal security issue. The vulnerability allows an attacker to create or overwrite arbitrary files on the target filesystem by using a specially crafted ZIP file with a directory traversal sequence in the entry name.
This exploit takes advantage of the SQL CLIENT_IP vulnerability in Mybb version <= 1.2.2. It uses blind SQL injection to execute a malicious SQL query on the database.
Services By CQR