This exploit targets a vulnerability in the Snort DCE/RPC preprocessor, as described in CVE-2006-5276. It binds a shell to TCP port 4444 and connects to it. The exploit code was tested against snort-2.6.1 running on Red Hat Linux 8.
Mambo CMS is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue by tricking an unsuspecting user into visiting a malicious Web page. The page will consist of specially crafted script code designed to perform some action on the attacker's behalf. Successful exploits will allow attackers to run privileged commands on the affected device.
The Simple Machines Forum is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
Zazavi is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and run it in the context of the webserver process.
The VicBlog application is prone to an SQL-injection vulnerability due to improper input sanitization. An attacker can exploit this vulnerability by supplying malicious input in the 'tag' parameter of the URL. Successful exploitation can lead to application compromise, unauthorized access or modification of data, and exploitation of other vulnerabilities in the underlying database.
Hotel Portal is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Input passed to the 'root' parameter in profiledit.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Real Estate Script is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Concrete is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The Freefloat FTP Server is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Services By CQR