A stack buffer overflow exists in the cgi_system binary. The error occurs because the PHPSESSID value is not bounds-checked before or when it is passed to sprintf to generate the session ID file name. The exploit executes a command via the stack buffer overflow in cookie parsing; the command is executed via 'system' as root. As written, this exploit enables Telnet.
CA Release Automation (NiMi) Remote Command Execution via Deserialization. Payloads generated using CommonsCollections1 from ysoserial work correctly. The proof of concept exploits the NiMi service if security is turned off.
Improper input validation on the router web interface allows attackers to add a persistent cross-site scripting (XSS) attack on the Dynamic DNS hostname field. Simply intercept a renaming request and add in the XSS.
This exploit allows an attacker to bypass the HTTP basic authentication in Boa web server version 0.93.15 with Intersil Extensions. The attacker can gain unauthorized access to protected resources without providing valid credentials.
This exploit allows an attacker to cause a denial of service by crashing the XAMPP Control Panel. Creating a large payload and pasting it into specific fields in the control panel causes the program to crash.
This exploit creates a malicious file named 'exploit.txt' that, when opened with InfraRecorder version 0.53, causes the program to crash. The exploit script creates a payload of 6000 characters to trigger a buffer overflow.
This exploit allows an attacker to bind a shell to port 30464/tcp and connect to it. It takes advantage of a buffer overflow vulnerability in Halflife-Servers, specifically in the function that copies shellcode into the buffer. The exploit works by jumping to a specific location in the server code where the instruction 'call *%eax' is located, which executes the shellcode. The buffer overflow is caused by the server not properly filtering out certain characters when copying the shellcode into the buffer.
The show_opcodes() function in the Linux kernel does not properly validate userspace addresses before printing instruction bytes, which allows local users to read arbitrary kernel memory and obtain sensitive information by triggering a fault on a kernel address and then reading the dmesg logs.
This exploit allows an attacker to escalate privileges in STOPzilla AntiMalware version 6.5.2.59. By exploiting a vulnerability in the driver version 3.0.23.0 (szkg64.sys), an attacker can create a token with elevated privileges and gain unauthorized access to the system.
This Perl script exploits a remote denial of service vulnerability in GCALDaemon version 1.0-beta13. By sending a specially crafted HTTP request with a large content length, an attacker can cause the server to crash or become unresponsive.