
Explore Vulnerabilities


Explore all Exploits:

Snes9K 0.0.9z – Buffer Overflow (SEH)

This exploit takes advantage of a buffer overflow vulnerability in Snes9K version 0.0.9z. By pasting the contents of boom.txt into the Socket Port Number field under Netplay -> Options, an attacker can connect to the victim machine on port 4444. The exploit payload is a windows/shell_bind_tcp payload generated using msfvenom.

FLIR AX8 Thermal Camera 1.32.16 – Arbitrary File Disclosure

The FLIR AX8 thermal sensor camera suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the 'file' parameter in download.php is not properly verified before being used to download config files. This can be exploited to disclose the contents of arbitrary files via an absolute path.

FluxBB <= 1.5.6 SQL Injection

FluxBB versions <= 1.5.6 are vulnerable to SQL injection. An attacker can manipulate the 'req_new_email' parameter in the 'change_email' action of the 'profile.php' page to inject SQL code into the database query. This can lead to unauthorized access, data leakage, and other malicious activities.

Mozilla Firefox 2.0.0.7 Denial of Service

This bug causes a denial of service in Mozilla Firefox 2.0.0.7. It uses two files, an HTML file and an XML file. The HTML file contains a script that triggers the bug, and the XML file contains a binding that the script references. When the script executes, it triggers the binding in the XML file, which crashes the browser.

Microsoft SQL Server Management Studio 17.9 – XML External Entity Injection

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft SQL Server Management Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of REGSRVR files. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.

Weather for PHP <= (PageName) Local File Include Vulnerability

The vulnerability exists in the Weather for PHP script version 1.0. It allows an attacker to include arbitrary local files by manipulating the 'PageName' parameter in the 'index.php' file. By appending '%00' to the 'PageName' parameter, an attacker can bypass the file extension check and include any local file on the server.

ifwatchd Privilege Escalation

This module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the ifwatchd suid executable. ifwatchd allows users to specify scripts to execute using the '-A' command line argument; however, it does not drop privileges when executing user-supplied scripts, resulting in execution of arbitrary commands as root. This module has been tested successfully on QNX Neutrino 6.5.0 (x86) and 6.5.0 SP1 (x86).

Ghostscript Errordict Vulnerability

The vulnerability allows an attacker to execute arbitrary code by exploiting an error handler in Ghostscript. By causing an executeonly procedure to stop, the attacker can expose the faulting operator to the error handler. The errordict is ignored in the -dSAFER sandbox, but filling up the stack with junk can still make the invocation of the error handler stop. This leaves the operand stack in an inconsistent state, allowing the attacker to execute arbitrary code.

Recent Exploits: