To trigger the exploit, paste the content of exploit.txt into the "Add Input Directory" text box. Challenges to convert this DoS to code execution: 1. Program doesn't accept non-ASCII characters (0x01 to 0xff are okay-ish). 2. Buffer at ESP splits string if it contains a ""
The Username parameter in the registration page 'register.ghp' is prone to a stack-based buffer-overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
The registration page 'register.ghp' allows resetting ANY user's password. Remote unauthenticated attackers can send HTTP POST requests to hijack ANY Easy Chat Server account.
This is a Python exploit that performs code injection.
This exploit is a GIF file that causes a denial of service attack. When the user interacts with the GIF file (e.g., mouse over, single click, double click), the exploit is executed, leading to a denial of service.
Multiple security issues have been found including XSS, CSRF, Directory Traversal, and SQLi.
The bwired web application is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by injecting malicious SQL queries in the 'newsID' parameter of the index.php page. This can lead to unauthorized access to the database and potentially sensitive information disclosure.
Home Web Server allows calling CGI programs located in the /cgi-bin folder via POST. However, by using a directory traversal, it is possible to run any executable on the remote host.
The search component of Joomla! allows an attacker to execute arbitrary PHP commands. It is possible to execute OS commands via system() calls. An attacker does not need to be authenticated to perform this attack.
Remote attackers can abuse the Podcast feature of Subsonic to launch Server-Side Request Forgery (SSRF) attacks on the internal network or the internet if an authenticated user clicks a malicious link or visits an attacker-controlled webpage. SSRF can be used to bypass firewall restrictions on the LAN.