WizMouse allows you to scroll the window under the mouse with your mouse wheel even if the that window doesn't have input focus.
Windows 10 already has this functionality built in so WizMouse is most useful if you're using earlier versions of Windows (Windows 2000, XP, Vista, 7, 8).
WizMouse is FREE but donations are welcome. If you find WizMouse useful please donate by clicking the button below. A US$10 or more donation is recommended but any amount is welcomed.
Prior to Windows 10, it wasn't possible to scroll windows with the mouse wheel unless the window had input focus. You'd have to click the window first before being able to scroll it. WizMouse allows this functionality on older versions of Windows.
WizMouse can translate mouse wheel messages into scroll bar messages. This allows wheel scrolling in old applications that don't support mouse wheels.
WizMouse can optionally reverse the wheel scrolling direction (like OS X "Natural" scrolling)..
The hangup.php3 script receives the SIGHUP signal. Because the script uses pcntl_signal() without pcntl_signal_dispatch() in a safe context, it triggers an asynchronous fork. The parent process writes to the session file while the child process—intended to clean up call resources—attempts to write a log entry. This creates a race condition.
For the vDesk HangupPHP3 exploit to be viable, the target system must meet the following criteria:
VDesk stored session data in flat files within /tmp/ or /vdesk/sessions/. The hangup.php3 script often accepted a session_id via GET or POST without sufficient sanitization. vdesk hangupphp3 exploit
A typical vulnerable code block in hangup.php3 might look like this (reconstructed for educational analysis):
// VULNERABLE CODE - DO NOT USE
$session_id = $HTTP_GET_VARS['sess'];
$ticket_id = $HTTP_GET_VARS['ticket'];
include("/vdesk/sessions/sess_" . $session_id);
// ... then close the ticket
Because $session_id was directly concatenated into an include() statement, an attacker could supply: The hangup
/vdesk/hangup.php3?sess=../../../../etc/passwd%00
If PHP3’s magic quotes were off, this would read system files. But the real goal was RCE.
The "vdesk hangupphp3 exploit" appears to be a targeted denial-of-service (DoS) vector rather than a Remote Code Execution (RCE) breach. Based on the naming convention, the exploit targets the hangup event handler within a PHP3-era logic gate (or a legacy wrapper in modern VOIP/PBX systems emulating PHP3 behavior). If PHP3’s magic quotes were off, this would
The exploit attempts to trigger a race condition by sending malformed SIP headers or HTTP POST payloads to the hangup.php3 endpoint during an active session termination. The goal is to force the backend process to retain a "zombie" thread while the frontend believes the session has ended.
In a controlled sandbox environment, replicating the exploit yielded inconsistent results.
Since direct code inclusion was often blocked, attackers used session file poisoning:
This technique is precisely what security researchers in the mid-2000s labeled the "vdesk hangupphp3 exploit."