This exploit allows an attacker to execute arbitrary shell commands on the target server by exploiting a vulnerability in the WebAlbum <= 2.02pl software. The vulnerability occurs due to the lack of sanitization of user input in the 'skin2' cookie parameter. By injecting malicious shell commands into the cookie, an attacker can execute arbitrary commands on the target server. This exploit works when the 'magic_quotes_gpc' setting is turned off. The exploit requires the attacker to have knowledge of the target server's IP/hostname, the path to the WebAlbum installation, and a shell command to execute. Various options are available for specifying a different port or using a proxy.
Buffer overflow vulnerability in WM Downloader 3.1.2.2 allows remote attackers to execute arbitrary code via a long string in an .m3u file, triggering a stack-based buffer overflow, and bypassing DEP protections.
The EasyMail ActiveX Control (emsmtp.dll) included in the Oracle Document Capture distribution can be used to read any file on the target system. The vulnerable method is "ImportBodyText()".
This exploit allows an attacker to execute arbitrary commands on a target server running XHP CMS version 0.5 or lower. The attacker can upload a PHP file using the FileManager plugin and then execute commands through it. The vulnerability exists in the FileManager plugin's manager.php and standalonemanager.php files.
Some parameters are not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
This script exploits a Denial of Service vulnerability in Inetserv version 3.23. By sending a specially crafted buffer in the RETR or DELE command, an attacker can cause the server to crash or become unresponsive. The vulnerability allows an unauthenticated attacker to disrupt the normal operation of the POP3 service.
This exploit targets GoldenFTP version 4.70 and allows an attacker to gain unauthorized access to the server. By sending a specially crafted password (PASS command), an attacker can trigger a buffer overflow vulnerability, potentially leading to remote code execution. The exploit requires knowledge of the server's subnet and certain settings to be enabled. It has been tested on Windows XP SP3.
The APPFLT.sys driver in Panda Global Protection 2010 (3.01.00) does not properly check the integer inputs of an IOCTL, allowing for a local privilege escalation. Although the provided exploit is not functional, it can be modified to achieve privilege escalation.
The kl1.sys driver in Panda Global Protection 2010 (3.01.00) does not check the integer inputs of an IOCTL, allowing an exception to be thrown if one DWORD is modified. This can lead to a BSOD (Blue Screen of Death).
This exploit targets a vulnerability in bomberclone version 0.11.6.2. It allows an attacker to execute arbitrary code on the target system. The exploit code includes shellcode for both Linux and Windows systems. The Linux shellcode performs a bind shell on port 31337, while the Windows shellcode binds to port 4444. The exploit code is written in C.