This exploit targets the PtzUrl property of the Vivotek Motion Jpeg Control, which is vulnerable to a stack-based buffer overflow. The exploit allows for remote code execution and control of EIP, ESI, EDI, and EBP. The shellcode is patched using the 'venetian method'. The exploit can be triggered remotely or by dragging the HTML file into the browser window.
This exploit allows an attacker to execute arbitrary code on a target system by exploiting a vulnerability in MediaCoder version 0.8.43.5852. By sending a specially crafted .m3u file, an attacker can trigger a stack-based buffer overflow, leading to a SEH overwrite and control over the program flow. This exploit has been tested on Windows Vista SP2.
This is a proof-of-concept exploit for a remote SEH overwrite vulnerability in Eudora 7.1. The vulnerability was discovered by Krystian Kloskowski (h07) and allows an attacker to execute arbitrary code on the target system. The exploit targets the IMAP FLAGS command and uses a Windows Execute Command shellcode to spawn the calculator (calc.exe).
This exploit targets TFTP Server version 1.4 and utilizes a buffer overflow vulnerability to execute arbitrary code. It uses an Egghunter technique to find and execute the payload.
This exploit allows an attacker to gain root privileges on Apple Mac OS X systems. It exploits a vulnerability identified as CVE-2007-0753, which is documented in the Apple knowledge base article number 305530. The exploit is available in the form of a tarball named 05302007-vpenis.tar.gz.
The PHP calendar script allows an attacker to download the user.txt file containing sensitive information like admin credentials. The file can be accessed directly through the exploit link provided.
This exploit targets the LeadTools Raster OCR Document Object Library (ltrdc14e.dll v. 14.5.0.44) and causes a remote memory corruption. By sending a specially crafted DictionaryFileName parameter to the library, an attacker can trigger the memory corruption and potentially execute arbitrary code on the target system. This vulnerability affects all software that uses this ocx.
This exploit takes advantage of a buffer overflow vulnerability in the LeadTools Raster ISIS Object (LTRIS14e.DLL v. 14.5.0.44) library. By sending a specially crafted DriverName parameter, an attacker can cause a remote buffer overflow and potentially execute arbitrary code on the target system.
This module exploits three separate vulnerabilities found in the Riverbed SteelCentral NetProfiler/NetExpress virtual appliances to obtain remote command execution as the root user. A SQL injection in the login form can be exploited to add a malicious user into the application's database. An attacker can then exploit a command injection vulnerability in the web interface to obtain arbitrary code execution. Finally, an insecure configuration of the sudoers file can be abused to escalate privileges to root.
This exploit targets the EDraw Office Viewer Component (edrawofficeviewer.ocx) version 4.0.5.20. It allows an attacker to delete the system.ini file, potentially causing the PC to not restart. All software that uses this ActiveX component is vulnerable to this exploit. The exploit requires user interaction, as the user needs to click on a button to start the test.
Services By CQR