Ubuntu 12.10 64-Bit sock_diag_handlers - Local Root Exploit

No description provided by source. include unistd.h include sys/socket.h include linux/netlink.h include netinet/tcp.h include errno.h include linux/if.h include linux/filter.h include string.h include stdio.h include stdlib.h include linux/sockdiag.h include linux/inetdiag.h include...

HP Data Protector Media Operations NULL Pointer Dereference Remote DoS

No description provided by source. !/usr/bin/python import socket,struct,sys,os SIGN=0x04030201 cmd=0x01000000 def main: if lensys.argv!=2: print\nx Usage: python +sys.argv0+ ipserver \n sys.exit0 else: host=sys.argv1,19813 default port TCP/19813 if sys.platform==win32: os.systemcls else:...

Video Games Rentals Script - SQL Injection Vulnerability

No description provided by source. Exploit Title: video games rentals Script SQL injection Vulnerability Date: 11/02/2010 Author: JaMbA Software Link: N/A Version: all version Tested on: Windows & Linux CVE : ::::::::::::::::::::::::: Exploit Title : video games rentals Script SQL injection...

iphone ifile 2.0 - Directory Traversal

No description provided by source. ---------------------------------------------------------------- Software : iPhone iFile 2.0 Type of vunlnerability : Directory Traversal Tested On : iPhone 4 IOS 4.0.1 Risk of use : High ---------------------------------------------------------------- Program...

GAzie <= 5.20 Cross Site Request Forgery

No description provided by source. ======================================== GAzie = 5.20 Cross Site Request Forgery ======================================== Author: giudinvx Email: giudinvxatgmaildotcom Date: 5/02/2012 Site: http://www.giudinvx.altervista.org/...

Xt Library Local Root Command Execution Exploit

No description provided by source. include include include define DEFAULTOFFSET 0 define BUFFERSIZE 1491 long getespvoid asmmovl %esp,%eax\n; mainint argc, char argv char buff = NULL; unsigned long addrptr = NULL; char ptr = NULL; char execshell = \xeb\x23 \x5e \x8d\x1e \x89\x5e\x0b \x31\xd2...

Zemana AntiLogger AntiLog32.sys <= 1.5.2.755 Local Privilege Escalation Vulnerability

No description provided by source. Zemana AntiLogger AntiLog32.sys = 1.5.2.755 Local Privilege Escalation Vulnerability VULNERABLE PRODUCTS Zemana AntiLogger =1.9.2.2.206 DETAILS: AntiLog32.sys create a device called \Device\AntiLog32 , and handles DeviceIoControl request IoControlCode = 0x800020...

webpa <= 1.1.0.1 - Multiple Vulnerabilities

No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ posdubatgmail.com 2012-08-23 WebPA = 1.1.0.1 Multiple Vulnerabilities Script: WebPA is an open source online peer...

Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005)

No description provided by source. / For Remote Exploration hint: http://www.spyinstructors.com/atmaca/research/wmpremotepoc.asx / / Windows Media Player BMP Heap Overflow MS06-005 Bug discovered by eEye - http://www.eeye.com/html/research/advisories/AD20060214.html Exploit coded by ATmaCA Web:...

Rational Software ClearCase for Unix 3.2 ClearCase SUID Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/538/info Rational Software's ClearCase product includes a vulnerability whereby an unprivileged user can have any readable executable set to SUID root.. A 1.5 meg file is copied and then chmod'ed to SUID, and during the...

Hosting Controller <= 0.6.1 Unauthenticated User Registeration (3rd)

No description provided by source. !-- Hi, I'm Soroush Dalili from GSG GrayHatz Security Group. Title: Hosting controller program have a security bug in UserProfile.asp that an authenticated user can change other's profiles. Why is it dangerous: a user can change other's email address and then us...

Microsoft Windows xp Win32k.sys Local Kernel DoS Vulnerability

No description provided by source. //////////////////////////////////////////////////////////////////////////// // // Title: Microsoft Windows xp Win32k.sys Local Kernel DoS Vulnerability // Author: Lufeng Li of Neusoft Corporation // Vendor: www.microsoft.com // Vulnerable: Windows xp sp3full...

DameWare Mini Remote Control Server 3.7x Pre-Authentication Buffer Overflow Vulnerability (3)

No description provided by source. source: http://www.securityfocus.com/bid/9213/info A problem has been identified in the handling of pre-authentication packets by DameWare Mini Remote Control Server. Because of this, it may be possible for a remote attacker to gain unauthorized access to hosts...

phf buffer overflow exploit for Linux-x86

No description provided by source. / | phx.c -- phf buffer overflow exploit for Linux-ix86 | Copyright c 2000 by proton. All rights reserved. | | This program is free software; you can redistribute it and/or modify | it under the terms of the GNU General Public License as published by | the Free...

businesswiki 2.5rc3 - Stored XSS & arbitrary file upload

No description provided by source. !/usr/bin/python ''' Exploit Title: Stored XSS & Arbitrary File Upload Vulnerabilities in BusinessWiki. Date: 23/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://onbusinesswiki.com/ Software Link:...

ToxSoft NextFTP 1.82 Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/572/info ToxSoft's shareware FTP client, NextFTP, contains an unchecked buffer in the code that parses CWD command replies. If the FTP server's reply contains the exploit code, arbitrary commands can be run on the client...

CREAR ALMail32 1.10 Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/574/info The ALMail32 POP3 client conatins unchecked buffers in the header parsing code. An abnormally long FROM: or TO: field in the header of an incoming email will overwrite the buffer and allow arbitrary code to be...

YPOPS! 0.9.7.3 - Buffer Overflow (SEH)

No description provided by source. Version:0.9.7.3 Tested on: Windows XP SP3 !/usr/bin/python All modules are SafeSEH protected in service pack 3. import socket, sys print \n ======================================== print YPOPS! v 0.9.7.3 Buffer Overflow SEH print Proof of Concept by Blake print...

Mambo com_registration_detailed <= 4.1 - Remote File Include

No description provided by source. Mambo comregistrationdetailed = 4.1 Remote File Inclusion Download Source : http://mamboxchange.com/projects/regdetailed/ Dork = allinur:comextendedregistration Found By: k1tk4t - k1tk4td0th4ck4tgmaild0tcom Location: Indonesia file ; registrationdetailed.inc.php...

Eterm 0.8.10,rxvt 2.6.1,PuTTY 0.48,X11R6 3.3.3/4.0 - Denial of Service

No description provided by source. source: http://www.securityfocus.com/bid/1298/info xterm is a popular X11-based terminal emulator. If VT control-characters are displayed in the xterm, they can be interpreted and used to cause a denial of service attack against the client and even the host...