The vulnerability allows an attacker to disclose local files on the target system by exploiting a flaw in the GeoMoose software version 2.9.2 and below. By manipulating the 'id' and 'ext' parameters in the '/php/download.php' URL, an attacker can traverse directories and access sensitive files such as '/etc/passwd' and '/WINDOWS/system32/drivers/etc/hosts'.
A CSRF vulnerability in the D-link DIR 615 wireless router enables an attacker to perform unwanted actions on the router, which may lead to gaining full control of the device.
The CMScout <= 1.23 script is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL queries into the 'page' parameter of the index.php file. This allows the attacker to retrieve sensitive information from the database, such as usernames and passwords.
This exploit targets a vulnerability in the glob() function in PHP 5.2.3. By passing a non-integer value to the 'flags' parameter, an EIP (Extended Instruction Pointer) overwrite can be triggered, causing a Denial of Service. The exploit takes advantage of this to overwrite the EIP with the first 4 bytes of a filename. By saving a file with a specific name and launching it, the EIP can be controlled. This vulnerability was discovered by 'shinnai' with the help of 'Footzo'.
The MKPortal NoBoard (BETA) script is vulnerable to remote code execution. An attacker can exploit this vulnerability by sending a specially crafted request to the user.php file, which allows them to execute arbitrary code on the server. This vulnerability was discovered by FiSh.
This exploit targets the MkPortal reviews and gallery modules with versions <= 1.1.1. It allows an attacker to execute arbitrary SQL queries on the vulnerable system. The exploit was discovered and developed by Coloss. This is a priv8 exploit, not suitable for children.
This exploit targets a vulnerability in the symtdi.sys driver of Symantec AntiVirus. By sending specially crafted input to the driver, an attacker can escalate their privileges on the affected system. This vulnerability allows an attacker with limited privileges to execute arbitrary code with kernel-level privileges, potentially gaining full control of the system. This exploit was published on milw0rm.com on July 12, 2007.
This exploit is a remote buffer overflow in Sync Breeze Enterprise v9.5.16. By sending a specially crafted request to the application, an attacker can trigger a buffer overflow condition, potentially allowing them to execute arbitrary code on the target system. This vulnerability has a CVSS severity score of 9.8 (Critical).
The latest Ubuntu Lucid stock kernel (2.6.32-27-generic) contains a bug that allows a lower-privileged user to stay attached to open /proc file entries even after the process executes a suid binary. This allows a malicious user to access information from the proc interface or modify process settings of privileged processes. A simple helper program (ProcReadHelper.c) can open a proc entry before executing a suid program and keep it open, which makes it possible to monitor the syscalls, syscall stack, and limits of running suid binaries. The same technique applied to writeable proc files can also modify the core dump flags of running suid binaries.
The DebugMsgLog method in sasatl.dll is prone to a stack-based buffer-overflow vulnerability because it fails to properly check boundaries. An attacker could execute arbitrary code on the remote machine.