This exploit takes advantage of a buffer overflow vulnerability in Allok Video Converter. By exploiting this vulnerability, an attacker can open the calculator application on the target system.
The "WebServer.cfg" file used by WebLog Expert Web Server Enterprise 9.4 has weak permissions, allowing local users to set a cleartext password and login as admin.
This exploit targets the DownloadFromMusicStore() function in the jetAudio 7.x ActiveX control. It allows an attacker to remotely execute arbitrary code on a vulnerable system. The bug was discovered by Krystian Kloskowski (h07) and has been tested on jetAudio 7.0.3 Basic with Microsoft Internet Explorer 6.
This is a Proof of Concept (PoC) for amplification attacks using memcached servers. The repo includes the source code for the PoC and approximately 17,000 AMP hosts. The PoC involves sending spoofed source UDP packets to memcached servers to amplify the traffic.
The vulnerability is caused due to an unspecified error in the cgis files filter used for configure properties. This can be exploited by sending a specially crafted HTTPS request (necessary authentication), which will cause the HTTPS service on the system to crash.
The Web Interface of the Bravo Tejari procurement portal does not use random tokens to block any kind of forged requests. An attacker can take advantage of this scenario and create a forged request to edit user account details like name, address of the company/individual, email address etc. He then uses social engineering techniques to target specific individuals whose account details he would like to change. He simply sends the link and tricks the user into clicking the forged http request. The request is executed and user account details are changed without his knowledge.
Network Time System (Server) "NTSServerSvc" service listens on Port 7001, unauthenticated remote attackers can crash the Server by sending exactly 11 bytes to the target system. Systems which may depend on critical time synchronization could then potentially be impacted.
Multiple vulnerabilities were identified in the Pictview image processing library embedded by the Toolkit and signed by ActivePDF. They could allow remote attackers to compromise applications relying on the Toolkit to process untrusted images.
This exploit allows an attacker to perform XSS and SQL injection attacks on the Ktauber.com StylesDemo Mod for phpbb 2.0.xx. The exploit uses LWP::UserAgent and HTTP::Request::Common modules to send HTTP requests and retrieve responses. The vulnerable site is specified in the configuration as http://www.forumup.com/stylesdemo/
This module sends a magic packet to a NETGEAR device to enable telnetd. Upon successful connect, a root shell should be presented to the user.