This vulnerability allows an attacker to execute arbitrary commands on the target system. The vulnerability exists in the "scormExport.inc.php" file of Claroline version 1.7.4 and below. By exploiting this vulnerability, an attacker can execute commands with the privileges of the web server. This vulnerability requires the target server to have "register_globals" and "allow_url_fopen" settings enabled. The attacker needs to provide the target server IP/hostname, the path to Claroline, and an arbitrary location with the code to include. Optional parameters such as port and proxy can also be specified. The exploit works by including a remote location that contains malicious code. The remote location should contain either "lib/fileUpload.lib.php/index.html" or "lib/pclzip/pclzip.lib.php/index.html", which should have the following code: if (get_magic_quotes_gpc()){$_GET[cmd]=strisplashes($_GET[cmd]);} error_reporting(0); ini_set("max_execution_time",0); echo "*delim*"; passthru($_GET[cmd]); echo "*delim*"; die;
This Perl script is an exploit for the cchatbox portal that allows SQL injection. It is designed to retrieve information from the database, including the MySQL version, data directory, user, and database. It also retrieves user information such as ID, group, username, password, salt, and email.
This exploit takes advantage of an integer truncation vulnerability in MS Windows XP. It allows an attacker to execute arbitrary code with kernel privileges.
The PHP Exif extension for 64-bit platforms is affected by a casting vulnerability that occurs during image header parsing. According to our preliminary analysis, exploitation of this flaw results in Denial of Service.
This exploit allows an attacker to perform a Denial of Service (DoS) attack by sending a large buffer of random characters as the username and password to the Quick 'n Easy FTP Server 3.2. This causes the server to become unresponsive and deny service to legitimate users.
This exploit allows an attacker to change the admin password and add a user on Linksys Cisco Wag120n and similar versions. The attacker can use the 'sysPasswd' and 'sysConfirmPasswd' fields to set a new password.
Unprivileged users can effectively remove the sticky-bit from the system /tmp directory, making it unsafe to rely on the stickiness of /tmp on Red Hat Linux systems.
This exploit sends a crafted packet to a target server, causing it to crash and become unresponsive.
The program suffers from a buffer overflow vulnerability when opening an autorun file (.ini): adding extra bytes to parts of the edited file overflows the buffer, giving attackers the possibility of arbitrary code execution on the affected system. The buffer overflow also allows the attacker to bypass the Structured Exception Handling (SEH) protection mechanism.
This is a proof-of-concept exploit for a local buffer overflow vulnerability in Oracle 10/11g exp.exe. It allows an attacker to execute arbitrary code by exploiting a buffer overflow in the param file. This vulnerability was discovered around 9/3/2010.