TpwnT is maliciously crafted text that affects the iPhone and other Apple devices by exploiting a vulnerability found in the Core-Text firmware, which results in a thread crash or extreme application lag.
The exploit allows an attacker to overwrite the EIP register in the Mercury/32 SMTP Server, leading to remote code execution. It works on versions 3.32 to 4.51.
VX Search v10.2.14 suffers from a local buffer overflow. The following exploit will generate a bind shell on port 1337. I was unable to get a shell working with msfvenom shellcode so below is a custom alphanumeric bind shell.
It is possible to execute arbitrary shell commands on the remote server by exploiting a vulnerability in the Mail package for Zeta Components. The vulnerability exists in the send method of the ezcMailMtaTransport class. By injecting a payload in the mail body and assigning a specific email address, an attacker can pass extra parameters to the sendmail function, allowing the execution of arbitrary commands.
This vulnerability allows an attacker to crash the Microsoft Edge browser by exploiting a flaw in the Chakra JavaScript engine. The issue occurs in the JsUtil::WeaklyReferencedKeyDictionary::FindEntry function, where an uninitialized memory read can lead to a NULL pointer dereference and cause a crash.
This is a remote root exploit for the Alpha Centauri Software SIDVault LDAP Server. It allows an attacker to gain root access to the server. The exploit uses a buffer overflow vulnerability to execute arbitrary code on the target system. It includes shellcode that will spawn a root shell. The exploit targets the JMP ESP address in Ubuntu's linux-gate.so library.
This module leverages an unauthenticated credential disclosure vulnerability and then executes arbitrary commands on DIR-850L routers as an authenticated user. The module is unable to use Meterpreter payloads.
This exploit allows an attacker to bypass safe mode restrictions in PHP by leveraging the PHP Perl extension. The attacker can execute arbitrary commands on the target system by providing a command through the 'cmd' parameter in the GET request. The exploit checks whether the Perl extension is loaded; if the 'cmd' parameter is empty, it sets a default command based on the operating system. The Perl extension is then used to execute the command, and the output is displayed in a textarea element on the page. The 'cmd' parameter is also sanitized to prevent HTML injection.
This module exploits a vulnerability found in Mako Server v2.5. It's possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input will be saved on the victim's machine and can be executed by sending a GET request to manage.lsp.
The SunShop v4.0 RC 6 search script is vulnerable to blind SQL injection in the s[cid] parameter. An attacker can inject SQL code to exploit this vulnerability. The vendor has released a solution in version 4.0.1. The script allows the attacker to retrieve the username or password from the admin table.