This module exploits an expression language remote code execution flaw in the PrimeFaces JSF framework. PrimeFaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack due to the use of weak crypto and a default encryption password and salt.
This exploit targets the EDraw Office Viewer Component version 5.2 (officeviewer.ocx v. 5.2.218.1) through the "HttpDownloadFileToTempDir()" method. It allows an attacker to overflow a buffer remotely, potentially leading to arbitrary code execution.
This exploit demonstrates an Out-of-Bounds Write vulnerability in Chakra. The vulnerability occurs due to a flaw in the loop prepass analysis, where a relative operation is mistakenly considered a valid loop. This leads to an optimization phase where the relative operation is optimized and becomes a load operation, resulting in an Out-of-Bounds Write. An attacker could exploit this vulnerability to execute arbitrary code or modify sensitive data.
The RW::Download v2.0.3 lite web application is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by manipulating the 'dlid' and 'cid' parameters in the 'index.php' file. By using a UNION SELECT statement, the attacker can extract sensitive information such as usernames and passwords from the 'dl_users' table.
This exploit takes advantage of a remote stack overflow vulnerability in Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library (FPOLE.OCX v. 6.0.8450.0). By sending a specially crafted request, an attacker can trigger a stack overflow and potentially execute arbitrary code on the target system.
The vulnerability allows an attacker to include a remote file through the 'functions_file' parameter in the 'menu.php' script. This can lead to remote code execution or other malicious activities.
A boundary error within a function in eng50.dll can be exploited to cause a stack-based buffer overflow via a specially crafted RPC request to the SpntSvc.exe service.
This exploit allows an attacker to include remote files by manipulating the 'DIR_PREFIX' parameter in the 'environment.php' file of AnyInventory version 2.0. By appending a malicious file path, an attacker can execute arbitrary code on the victim's system.
The exploit generates a malicious PLS file for AtomixMP3 2.3 that triggers a local buffer overflow. It uses the return address 0x77394540, a jmp esp instruction in mswsock.dll on Windows XP Pro Version 2002. The exploit payload consists of padding (A x 516), the EIP overwrite pointing to the jmp esp instruction, some NOPs, and shellcode. The shellcode runs a Windows command that launches the calculator program. The exploit was created by 0x58 and gives credit to miyyet, diablos5s5, vxroot, Str0ke, and Metasploit.
This exploit allows an attacker to include arbitrary files from a remote server in the PHPof application. By manipulating the 'PHPOF_INCLUDE_PATH' parameter in the 'DB_adodb.class.php' file, an attacker can include a shell.txt file from a remote server.