The affected device suffers from authenticated remote code execution vulnerability. Including a CSRF, a remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges.
This is a remote exploit for IMAIL Smtp Server(1.2) version 8.01-8.11. The exploit is used to attack the hostname specified using the options provided. It supports win2k All version and IMail 8.01-11. The exploit uses the strcpy function to copy a buffer from src to dst, which can lead to a buffer overflow vulnerability. The exploit also connects back to an IP and port specified using the options. The bad characters used in the exploit are 0x00, 0x0a, and 0x25. The exploit also manipulates the PEB structure to hide its presence.
Vtiger 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This module was tested against vTiger CRM v6.3.0.
This exploit allows remote code execution on Advantech WebAccess version 8.0-2015.08.16. It takes advantage of a stack-based buffer overflow vulnerability in the DrawSrv.dll file. By sending a specially crafted request to the target system, an attacker can execute arbitrary code.
The exploit creates a file with a payload of 3500 bytes, causing a denial of service on the vulnerable software SysGauge v4.5.18. The payload is created by writing 'A' 3500 times to a file named payload.txt.
No protection on the wp-content/uploads/wp-security-audit-log/* which is indexed by google and allows for attackers to possibly find user information (bad login attempts)
This exploit allows remote attackers to execute arbitrary code on a server running LIGHTTPD/FASTCGI version 1.4.17 or earlier. The vulnerability was discovered by Mattias Bengtsson and Philip Olausson from SecWeb. The exploit takes advantage of a bug in the FastCGI implementation. This file is for studying purposes only and a proof-of-concept. The author cannot be held responsible for any damage done using this program.
Relevanssi is a WordPress plugin with more than 100.000 active installations. Version 4.0.4 (and possibly previous versions) are affected by a Reflected XSS vulnerability. Arbitrary JavaScript code can be run on browser side if a logged in WordPress administrator is tricked to click on a link or browse a URL under the attacker control. This can potentially lead to creation of new admin users, or remote code execution on the server.
This exploit takes advantage of a buffer overflow vulnerability in Allok soft WMV to AVI MPEG DVD WMV Converter. By creating a specially crafted file and pasting its contents into the License Name field, an attacker can execute arbitrary code and open the calculator application on the target system.
This exploit code creates a file called 'exploit.txt' which, when copied and pasted into the License Name field of Allok Video joiner, causes a buffer overflow and opens the calculator. The vulnerability was discovered by Velayutham Selvaraj.
Services By CQR