This exploit allows an attacker to include a remote file in the nuke_include.php file of newsSync 1.5.0rc6. By manipulating the 'newsSync_enable_phpnuke_mod' and 'newsSync_NUKE_PATH' parameters, the attacker can execute arbitrary code from a remote server.
This vulnerability allows an attacker to bypass the Kerberos security feature and fallback to NTLM authentication. By exploiting this vulnerability, an attacker with physical access to a Windows machine can change the password of a user with cached credentials without knowing the current password.
This is a Perl exploit code. It does not provide detailed information about the vulnerability or CVE.
The vulnerability allows an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. It occurs due to the application being installed as a service with an unquoted service path.
The vulnerability allows an attacker to execute arbitrary SQL queries in the 'news_id' parameter of the 'news.asp' script. By injecting a union select statement, the attacker can retrieve sensitive information such as the admin username and password.
This is a proof-of-concept script demonstrating a SQL Injection vulnerability in PlaySMS version 0.7 and prior. The vulnerability allows an attacker to inject malicious SQL queries into the application, potentially leading to unauthorized access or manipulation of the database.
VMware Workstation contains a feature called 'Virtual Printers' that allows virtualized operating systems to access printers installed on the host. The communication between the virtual machine and the host is handled by a process called 'vprintproxy.exe'. A vulnerability exists in the handling of TrueType fonts embedded in EMFSPOOL files, specifically in the TPView.DLL library used by vprintproxy.exe. When processing printing request data, the program copies the contents of the CMAP table into the NAME table in memory. However, if the NAME table is larger than the CMAP table, a new NAME table is created with the data from the CMAP table. This vulnerability could allow an attacker to execute arbitrary code or escape the virtual machine.
The vulnerability exists in the wp_suggestCategories function in the xmlrpc.php file of WordPress. It allows an attacker to execute arbitrary SQL queries by injecting malicious input in the $max_results parameter. By sending a value like '0 UNION ALL SELECT user_login, user_pass FROM wp_users', the attacker can retrieve a list of users with their respective passwords in MD5 format, along with authentication cookies for each user.
This module attempts to exploit a race condition in mail.local with SUID bit set on NetBSD 7.0 - 7.0.1, NetBSD 6.1 - 6.1.5, and NetBSD 6.0 - 6.0.6. Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute.
The Perl DRDoS script is a tool that can be used to perform Denial of Service (DoS) attacks. It uses the Net::RawIP module to send a large number of SYN packets to a target IP address. The script allows the user to specify the number of SYN packets to send and a list of reflector IP addresses to use. The reflector IP addresses are used to amplify the attack by reflecting the SYN packets back to the target. This can overwhelm the target's resources and cause it to become unresponsive.
Services By CQR