This Perl script sends INVITE and OPTIONS requests to a SIP server, causing a Denial of Service (DoS) by flooding the server with these requests. The script uses the IO::Socket::INET module to create a UDP socket and send the requests. The requests are sent with specific headers and parameters to target a specific user on the SIP server. This vulnerability allows an attacker to disrupt the SIP server and potentially render it unavailable for legitimate users.
This exploit targets a buffer overflow vulnerability in a music player. It uses a combination of junk data, a modified return address, and a ROP chain to execute arbitrary code. The payload in this exploit is a shellcode that runs the Windows calculator (calc.exe).
The Mambo Component SimpleFAQ V2.11 is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by sending a specially crafted URL to the target system. This allows the attacker to execute arbitrary SQL queries and potentially gain unauthorized access to the database.
This exploit utilizes some issues in UEB9 session handling to place a php exec one liner in the webroot of the appliance. Session tokens are used to authenticate as a low priv user and modify the LOG_DIR field to point to a directory in the web root with apache user write access. This allows the attacker to execute arbitrary commands.
This exploit allows an attacker to gain unauthenticated root remote code execution on Unitrends UEB 9.1. It takes advantage of a vulnerability in the xinetd process, allowing the attacker to send a specially crafted packet that contains a command to be executed as root. The exploit requires making a second connection to a specified port and receiving command output from that connection. Even if the command output is not needed, the second connection is still necessary for the command to be executed.
The vulnerability allows an attacker to include a remote file in the vulnerable file 'popup_window.php' of Squirrelcart version 1.x.x. By manipulating the 'site_isp_root' parameter, an attacker can execute arbitrary code or include malicious files from a remote server.
The exploit allows an attacker to cause a denial of service (DoS) by sending a specially crafted packet to the dnsmasq DHCPv6 server. By exploiting this vulnerability, an attacker can crash the server, causing a loss of service for legitimate users.
There is a remotely exploitable stack based buffer overrun in the latest version of Mercury Mail Transport System. Specifically the SMTP Server does not properly handle long AUTH CRAM-MD5 strings resulting in a complete compromise of the underlying system.
This exploit triggers a buffer overflow vulnerability in SyncBreeze, specifically in the POST username field. By sending a large payload of A's, the program crashes. This could potentially be leveraged to execute arbitrary code or gain remote access to the system.
The PHP Multi Vendor Script v1.02 is vulnerable to a SQL Injection attack on the 'sid' parameter. An attacker can manipulate the 'sid' parameter to inject malicious SQL queries, potentially gaining unauthorized access to the database and executing arbitrary commands.
Services By CQR