This code is a proof of concept for an unknown vulnerability in MP3 Studio v1.0. The author attempted to exploit the vulnerability but was unsuccessful. The code includes a bind shell on port 4444. The author notes that this media player is unlikely to be widely used.
The NotJustBrowsing 1.0.3 application discloses passwords to local users.
This is a proof of concept for a stack buffer overflow vulnerability in Portable E.M Magic Morph 1.95b. By creating a specially crafted .MOR file and editing it with a hex editor, an attacker can trigger a stack buffer overflow. The EIP offset is at 312 bytes (0x138 HEX). The exploit uses a technique called 'stack spray' to determine the offset. The CPU registers at the time of the exploit are: EAX=00000000, ECX=33333333, EDX=01492288, EBX=00000001, ESP=0012EF7C. The exploit payload is a string of characters and symbols.
ICUII 7.0 discloses passwords to local users.
Multiple remote vulnerabilities in Gyro V5.0 allow attackers to execute arbitrary SQL commands or inject arbitrary web script or HTML via the cid parameter in (1) home or (2) op in home.php.
This exploit allows local users to disclose proxy passwords in FilePocket v1.2 and possibly prior versions. The exploit leverages a vulnerability in the software that allows access to the proxy password through the Windows registry.
GoText 1.01 discloses user informations to local users.
This is an exploit for the vulnerability discovered in Pidgin by core-security. The library "libmsn" used by pidgin doesn't handle specially crafted MsnSlp packets which could lead to memory corruption.
This exploit takes advantage of a buffer overflow vulnerability in FTPShell Client 4.1 RC2. By sending a malicious pasv response, an attacker can trigger the buffer overflow and potentially execute arbitrary code on the target system. The exploit has been tested on Windows XP SP3 and Windows 2000 SP4.
This exploit takes advantage of a SEH (Structured Exception Handling) overwrite vulnerability in Audio Lib Player. By creating a specially crafted playlist file (exploit.m3u) and loading it into the player, an attacker can trigger the exploit and gain control of the program, potentially allowing for remote code execution.
Services By CQR