This exploit allows an attacker to execute remote commands on a target system running Agoko CMS version 0.4 or earlier. The attacker needs to provide the host and path as input parameters to the exploit script. The script checks if a shell already exists on the target system and if not, proceeds to inject a shell. Once the shell is injected, the attacker can execute arbitrary commands on the target system.
This exploit allows remote attackers to execute arbitrary code via a long GET request to the webtool component. The vulnerability is caused due to a boundary error within the webtool when handling requests with overly long URIs. This can be exploited to cause a stack-based buffer overflow via a specially crafted GET request.
There is a pre authentication buffer overflow that exists in the login mechanism of the WebSTAR FTP service. See advisory for further details.
The tcpdump program, specifically versions 3.8.x to 3.9.1, is vulnerable to a remote denial of service attack. This vulnerability is caused by a single (GRE) packet that triggers an infinite loop in the isis_print() function, which is used in many places by tcpdump. The bug lies in the TLV_ISNEIGH_VARLEN portion of the code, where providing a zero length causes the infinite loop.
Multiple remote file inclusion vulnerabilities in FreeSchool 1.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the CLASSPATH parameter to (1) biblioteca/bib_form.php, (2) biblioteca/bib_pldetails.php, (3) biblioteca/bib_plform.php, (4) biblioteca/bib_plsearchc.php, (5) biblioteca/bib_plsearchs.php, (6) biblioteca/bib_save.php, (7) biblioteca/bib_searchc.php, (8) biblioteca/bib_searchs.php, (9) biblioteca/edi_form.php, (10) biblioteca/edi_save.php, (11) biblioteca/gen_form.php, (12) biblioteca/gen_save.php, (13) biblioteca/lin_form.php, (14) biblioteca/lin_save.php, (15) biblioteca/luo_form.php, (16) biblioteca/luo_save.php, (17) biblioteca/sog_form.php, (18) biblioteca/sog_save.php, (19) calendario/cal_insert.php, (20) calendario/cal_save.php, or (21) calendario/cal_saveactivity.php.
tcpdump(v3.8.3 and earlier versions) contains a remote denial of service vulnerability in the form of a single (BGP) packet causing an infinite loop. BGP is TCP, however the victim does not have to have the BGP port(179) open to abuse the bug. by sending a specially crafted (spoofed) TCP(ACK)
tcpdump(v3.8.3 and earlier versions) contains a remote denial of service vulnerability in the form of a single (LDP) packet causing an infinite loop. LDP is UDP(/TCP), so no LDP service has to actually be running to abuse this issue, spoofed or not spoofed. Depending on the path the packet takes spoofed packets may be dropped(dropped at your router most likely).
The vulnerability exists in tcpdump v3.9.1 and earlier versions, as well as ethereal v0.10.10. It is caused by a single (RSVP) packet that triggers an infinite loop in the rsvp_print() function. Clicking on the packet or receiving ICMP replies can also trigger the vulnerability. The bug is present in the RSVP_OBJ_ERO and RSVP_OBJ_RRO classes.
This exploit targets IIS 5.0 FTP Server on Windows 2000 SP4. It allows an attacker to execute arbitrary code with SYSTEM privileges. The exploit has been modified by adding an additional egghunter for a secondary larger payload. It opens a bind shell on port 4444.
This exploit targets a buffer overflow vulnerability in Net-ftpd 4.2.2. It allows an attacker to execute arbitrary code on the target system by sending a specially crafted request. The exploit code is written in Python and was created by Sergio 'shadown' Alvarez.
Services By CQR