This exploit causes an access violation crash in CCExtractor version 0.80. By creating a specially crafted file, the exploit triggers a buffer overflow, leading to the crash. This vulnerability has not been assigned a CVE number yet.
The Webavis application is vulnerable to remote file inclusion. By modifying the 'root' parameter in the 'class.php' file, an attacker can include arbitrary files from remote servers, potentially leading to remote code execution.
This exploit takes advantage of a vulnerability in the MySQL Procedure Analyse function, allowing an attacker to cause a Denial of Service (DoS) by sending a specially crafted payload. The vulnerability is identified by CVE-2015-4870.
This exploit targets a buffer overflow vulnerability in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL v. 14.5.0.44). By sending a specially crafted input, an attacker can overflow a buffer and execute arbitrary code on the target system.
This proof of concept demonstrates that enabling encrypted control communication on Data Protector agents does not provide any additional security. Because it provides no authentication, it is not a viable workaround to prevent the exploitation of well-known Data Protector issues such as CVE-2014-2623. This exploit establishes an unauthenticated encrypted communication channel to a Data Protector Agent and uses a well-known unencrypted Data Protector vulnerability to run arbitrary commands on the target.
This module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "mf" malware infecting these devices.
This module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.
This exploit targets a vulnerability in the pppd plugin loading mechanism in Mac OS X version 10.4.8 and below. It allows an attacker to escalate their privileges on the system.
This is a remote buffer overflow exploit targeting the Dart Communications PowerTCP ZIP Compression Control (DartZip.dll 1.8.5.3) in IE 6 on Windows XP SP2. The exploit allows an attacker to add a user 'sun' with the password 'tzu'. The shellcode used is taken from Metasploit.
This exploit allows an attacker to perform arbitrary unserialize and arbitrary write file operations in Magento versions below 2.0.6. By exploiting a vulnerability in the Magento framework, an attacker can execute arbitrary code and potentially take control of the system.