NUUO NVRmini, NVRmini2, Crystal and NVRSolo suffers from a file disclosure vulnerability when input passed thru the 'css' parameter to 'css_parser.php' script is not properly verified before being used to include files. This can be exploited to disclose contents of files from local resources.
This is a proof-of-concept (PoC) exploit for a remote buffer overflow vulnerability in the Zenturi ProgramChecker ActiveX control (sasatl.dll). The exploit takes advantage of a buffer overflow vulnerability to execute arbitrary code on the target system. It has been tested on Windows XP Professional SP2 with Internet Explorer 7.
This file browser is vulnerable to path traversal and allow to an attacker to access to files and directories that are stored outside the web root folder.
This exploit allows an attacker to perform a blind SQL injection and retrieve the hash from the RevokeBB <= 1.0 RC4 application. The attacker needs to provide the target server's IP/hostname, path of the RevokeBB application, a valid username, and the table prefix as input parameters. The exploit then sends a crafted packet to the target server and retrieves the hash.
This is a SQL Injection exploit for Particle Gallery version 1.0.1. The vulnerable code is in the viewimage.php file. The code uses the dbSecure() function from functions.php for SQL input validation, but it is not necessary in this case as the input does not require any quotes. The exploit allows an attacker to edit comments in the gallery.
PhpMyAdmin 4.3.0 - 4.6.2 versions are vulnerable to remote code execution. This exploit is specifically designed to work on PHP versions 4.3.0-5.4.6, as the regex breaks with null byte in PHP 5.4.7.
This exploit targets Easy File Sharing Web Server version 7.2 and leverages a SEH overflow vulnerability to execute arbitrary code. It also uses an egghunter technique to locate the payload in memory. The vulnerability allows an attacker to gain admin privileges on the targeted system. The exploit has been tested on Windows 7, 8, 8.1, and 10.
This is a proof of concept code for exploiting CVE-2013-1406. The code contains functions for escalating privileges, looking up object handles, and closing table handles.
This script allows an attacker to bypass NTLM and Basic Authentication. It takes a website and a protected object as input parameters. It then constructs a malicious URL and uses the Lynx browser to access it. The URL contains parameters that bypass the authentication and access the protected object. The script is based on the vulnerability described in CVE-2007-2815.
Services By CQR