This module exploits a stack-based buffer overflow vulnerability against Ayukov NFTPD FTP Client 2.0 and earlier. By responding with a long string of data for the SYST request, it is possible to cause a denial-of-service condition on the FTP client, or arbitrary remote code execution under the context of the user if successfully exploited.
P-Synch is a total password management solution. It is intended to reduce the cost of ownership of password systems, and simultaneously improve the security of password-protected systems. This is done through: password synchronization; enforcing an enterprise-wide password strength policy; allowing authenticated users to reset their own forgotten passwords and enable their locked-out accounts; and streamlining help desk call resolution for password resets. P-Synch is available both for internal use, on the corporate Intranet, and for Internet deployment in B2B and B2C applications.
This exploit allows the attacker to crash the entire Hexamail Server by sending a specially crafted request. The attacker has control over the eax and ecx registers, making arbitrary code execution possible, although it is a bit tricky. The exploit has been tested against the Lite version of Hexamail Server.
The vulnerability exists in the /cgi-bin/ourspace/newswire/uploadmedia.cgi script of Ourspace 2.0.9. An attacker can exploit this vulnerability to execute arbitrary code on the server. The exploit can be found on milw0rm.com.
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Kingsoft Internet Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x80030004 or 0x80030008 by the KWatch3.sys (internet security) kernel driver. The issue lies in the failure to properly validate user-supplied data, which can result in a kernel stack buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel.
An Authentication Bypass vulnerability in the Smart Google Code Inserter plugin 3.4 allows unauthenticated attackers to insert arbitrary JavaScript or HTML code which runs on all pages served by WordPress. An SQL Injection vulnerability, when coupled with the Authentication Bypass vulnerability in the Smart Google Code Inserter plugin 3.4, allows unauthenticated attackers to execute SQL queries in the context of the webserver.
The vulnerability allows an attacker to execute arbitrary SQL queries through the 'id' parameter in the 'do=newspost' action of the 'index.php' file. By manipulating the 'id' parameter, an attacker can retrieve sensitive information from the database.
This module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell.
This module exploits a remote command execution vulnerability in HP LoadRunner before 9.50 and also HP Performance Center before 9.50. HP LoadRunner 12.53 and other versions are also most likely vulnerable if the (non-default) SSL option is turned off. By sending a specially crafted packet, an attacker can execute commands remotely. The service is vulnerable provided the Secure Channel feature is disabled (default).
The vulnerability allows an attacker to upload arbitrary files to the server using the 'Uploads' page in the Pakupaku CMS.