This exploit targets VUPlayer version <=2.49 and uses a buffer overflow vulnerability to execute shellcode. It also bypasses DEP (Data Execution Prevention) on Windows 7 SP1.
This exploit allows an attacker to execute arbitrary code on a vulnerable machine running UltraISO version 8.6.2.2011 or earlier. The exploit takes advantage of a local buffer overflow vulnerability in the software. By providing a specially crafted bin and cue file, an attacker can execute arbitrary code with the privileges of the user running the vulnerable software. This exploit has been tested on Windows XP Service Pack 2. The shell_code used in the exploit is designed to execute the Windows calculator (calc.exe).
This module exploits a file upload vulnerability in Wolfcms version 0.8.2. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the '/public' directory.
The vulnerability allows an attacker to include a remote file by manipulating the 'waroot' parameter in the URL. This can lead to arbitrary code execution on the target system.
This exploit demonstrates a buffer overflow vulnerability in the Solaris LDAP service. By sending a specially crafted request, an attacker can execute arbitrary code with root privileges on the target system. This exploit contains shellcode to spawn a shell with root privileges.
The exploit allows an attacker to disclose sensitive files on the server by manipulating the skin parameter in the common.css.php script. By using directory traversal techniques, the attacker can access files outside the web root directory, such as the /etc/passwd file.
This module exploits an arbitrary file download vulnerability in the DarkComet C&C server versions 3.2 and up. The exploit does not need to know the password chosen for the bot/server communication.
Symphony CMS is prone to session fixation, which allows attackers to preset a user's PHPSESSID session identifier. If the application is deployed in an insecure setup where the php.ini setting "session.use_only_cookies" is not enabled, attackers can send victims a link to the vulnerable application with the "PHPSESSID" already initialized, because Symphony does not call "session_regenerate_id()" upon successful user authentication. Because Symphony's session ID is not regenerated, an arbitrary session ID can be fixated to a user; if that user authenticates using the attacker-supplied link, the attacker can then access the affected application from a different computer or browser with the same level of access as the victim. The default cookie lifetime for Symphony CMS is up to two weeks.
This exploit allows an attacker to upload a webshell to the target system using the Airia application. The attacker needs to provide the target URL and the PHP code to be executed on the target system.
This exploit allows an attacker to execute remote code on a target server running Fundanemt version 2.2.0 or earlier. By sending a specially crafted request to the spellcheck.php file, the attacker can execute arbitrary commands on the server.