731 matches found
Apple QuickTime 7.2/7.3 RTSP Response Universal Exploit (IE7/FF/Opera)
Exploit for unknown platform in category remote exploits. Apple QuickTime 7.2/7.3 RTSP Response Universal Exploit IE7/FF/Opera !/usr/bin/python...
Overwrite the SEH overflow exploit detection ideas-vulnerability warning-the black bar safety net
See Security focus on a review of the stack-based fingerprint detecting a buffer overflow of some ideas, which is in the ShellCode is already running in its call stack is Hook the sub calls the function LoadLibrary is detected, some use an overflow overwriting the SEH Handler, and then any programs...
eTrust AntiVirus Agent r8 - Local Privilege Escalation
48Bits Advisory -=- Privilege Elevation in eTrust Antivirus Agent r8. Affected versions: I have tested with: - eTrust Antivirus Agent r8 -...
SupportSoft ActiveX controls contain multiple buffer overflows
Overview The SupportSoft ActiveX controls contain multiple buffer overflow vulnerabilities, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SupportSoft provides multiple ActiveX packages that are used by third party vendors to...
VicFTPS 5.0 - CWD Remote Buffer Overflow (PoC)
VicFTPS 5.0 - CWD Remote Buffer Overflow PoC / VicFTPs Server CWD Remote Buffer Overflow Vulnerability DoS Proof of concept r0ut3r writ3r at gmail.com Thanks to: Marsu Marsupilamipowa at hotmail.fr for helping me out with this vulnerability. Greets Marsu, and Timq. Description: Sending a long...
VicFTPS < 5.0 (CWD) Remote Buffer Overflow Exploit PoC
No description provided by source. / VicFTPs Server CWD Remote Buffer Overflow Vulnerability DoS Proof of concept r0ut3r writ3r at gmail.com Thanks to: Marsu Marsupilamipowa at hotmail.fr for helping me out with this vulnerability. Greets Marsu, and Timq. Description: Sending a long argument to C...
Acunetix WVS 4.0 20060717 - HTTP Sniffer Component Remote Denial of Service
Acunetix WVS 4.0 20060717 - HTTP Sniffer Component Remote Denial of Service !/usr/bin/perl -w Acunetix Web Vulnerability Scanner 4.0 = Build 20060717 HTTP Sniffer component Remote Denial of Service Explanation: I found a DoS in Acunetix WVS doing a little bit of fuzzing. The flaw is triggered wh...
Novell eDirectory 8.x - iMonitor HTTPSTK Buffer Overflow (2)
Novell eDirectory 8.x - iMonitor HTTPSTK Buffer Overflow 2 // source: https://www.securityfocus.com/bid/20655/info The Novell eDirectory server iMonitor is prone to a stack-based buffer-overflow vulnerability because it fails to perform sufficient bounds checking on client-supplied data before...
Novell eDirectory <= 9.0 DHost Remote Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits. Novell eDirectory 30\10\06 There are doors I have yet to open, windows I have yet to look through...
Novell eDirectory 9.0 - DHost Remote Buffer Overflow
Novell eDirectory 9.0 - DHost Remote Buffer Overflow 30\10\06 There are doors I have yet to open, windows I have yet to look through. Going forward may not be the answer...
Novell eDirectory 9.0 - 'DHost' Remote Buffer Overflow
30\10\06 There are doors I have yet to open, windows I have yet to look through. Going forward may not be the answer, maybe I should go back...
Apple Mac OSX 10.4.7 - Mach Exception Handling Local (10.3.x)
Apple Mac OSX 10.4.7 - Mach Exception Handling Local 10.3.x / excploit.c - 28 Nov 2005 - [email protected] Exploitable Mach Exception Handling Affected: Mac OS X 10.4.6 darwin 8.6.0 and older When a process executes a setuid executable, all existing rights to the task port are invalidated,...
Mac OS X <= 10.4.7 Mach Exception Handling Local Root Exploit
Exploit for macOS platform in category local exploits. Mac OS X include include include extern booleant excservermachmsgheadert , machmsgheade...
CVE-2006-2218
Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992...
Design/Logic Flaw
Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS...
CVE-2006-0744
Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS...
CVE-2005-3409
OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service segmentation fault by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler...
openvpn -- potential denial-of-service on servers in TCP mode
James Yonan reports: If the TCP server accept call returns an error status, the resulting exception handler may attempt to indirect through a NULL pointer, causing a segfault. Affects all OpenVPN 2.0 versions...
CrystalFTP Pro 2.8 - Remote Buffer Overflow
/ CrystalFTP Pro v2.8 Buffer Overflow Exploit 04/25/2005 despite the fact that nobody uses CrystalFTP i had to release a new version that replaces the first one. this overwrites the structured exception handler with a "pop edx pop eax ret" in kernel32.dll. this takes us to a pointer of the next...