
705 matches found

exploitpack
added 2015/01/07 12:59 p.m., 13 views

MUSE-4.9.0.006-(.m3u)

Exploit Title: MUSE v4.9.0.006 .m3u Local Buffer Overflow Exploit Date: August 17, 2010 Author: Glafkos Charalambous glafkos@astalavistadotcom buffersize = 205 nopsled = "\x90" 4 Custom MessageBox x86/shikataganai succeeded with size 104 iteration=1 shellcode =...

0.2 AI score
Exploits 0
exploitpack
added 2015/01/07 12:57 p.m., 17 views

Xion-Player-1.0.125

Script provided as is without any warranty. Use for educational purposes only. Do not use this code to do anything illegal ! Corelan does not want anyone to use this script outputfile="corelanc0d3r.m3u" offsettonseh=250 affected by the m3u path length ! junk = "A" offsettonseh nseh="\x41\x45"...

0.2 AI score
Exploits 0
Tenable Nessus
added 2014/12/15 12:00 a.m., 29 views

Mandriva Linux Security Advisory : rpm (MDVSA-2014:251)

Updated rpm packages fix security vulnerabilities : It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system...

10 CVSS, 7.6 AI score, 0.07669 EPSS
Exploits 0, References 3
seebug.org
added 2014/10/16 12:00 a.m., 31 views

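A Discuz! tool's file write leads to getshell

Brief description: I'm just not going to tell you which tool it is, hmph! (shy) Detailed description: Product name: Discuz! Application Development Assistant. It has a high install count; this analyzes one part of the product that allows getshell. Fill in the application creation form as follows. On creation it is stored in the database; proceed to the next step. Just enter arbitrary characters in the "embed script in normal page" field, e.g. xxx.class.php, then go straight on to exporting the plugin package. At this point an igetshell directory is generated under /data/develop/, and the xxx.class.php in that directory holds the inserted content. Proof of vulnerability: tested on a randomly found site, please don't come after me....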

7.1 AI score
Exploits 0
Prion
added 2014/09/25 1:55 a.m., 41 views

Design/Logic Flaw

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

10 CVSS, 7.7 AI score, 0.99999 EPSS
Exploits 139, References 160, Affected Software 1
Vulnrichment
added 2014/09/25 1:00 a.m., 12 views

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

10 AI score, 0.9994 EPSS
Exploits 17, References 160
Debian CVE
added 2014/09/25 1:00 a.m., 79 views

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

10 CVSS, 9.9 AI score, 0.9994 EPSS
Exploits 17
F5 Networks
added 2014/09/25 12:00 a.m., 205 views

SOL15629 - Multiple GNU Bash vulnerabilities

CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the...

10 CVSS, 9.4 AI score, 0.99999 EPSS
Exploits 157, References 14
seebug.org
added 2014/07/01 12:00 a.m., 41 views

Macromedia ColdFusion MX 6.0 - Remote Development Service File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8109/info A vulnerability has been reported for the RDS service that may allow an attacker to obtain unauthorized access to a data residing on a ColdFusion MX server. The vulnerability is due to the way that authenticatio...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 20 views

MoviePlay 4.82 - (.lst) Buffer Overflow

No description provided by source. !/usr/bin/env python MoviePlay 4.82 .lst Buffer Overflow Author: sickness Download : http://www.softpedia.com/get/Multimedia/Video/Video-Players/MoviePlay.shtml Previous version exploit can be found here: http://www.exploit-db.com/exploits/4051/ Tested : Windows...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 23 views

RhinoSoft Serv-U FTP Server 7.2.0.1 'rnto' Command Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31563/info RhinoSoft Serv-U FTP server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue allows an attacker to write arbitrar...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 15 views

Xine 0.9.x And Xine-Lib 1 Multiple Remote File Overwrite Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10193/info It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 14 views

Oracle <= 9i / 10g (read/write/execute) Exploitation Suite

No description provided by source. -- -- $Id: raptororaexec.sql,v 1.2 2006/11/23 23:40:16 raptor Exp $ -- -- raptororaexec.sql - java exploitation suite for oracle -- Copyright c 2006 Marco Ivaldi [email protected] -- -- This is an exploitation suite for Oracle written in Java. Use it to --...

7.1 AI score
Exploits 0
seebug.org
added 2014/05/08 12:00 a.m., 27 views

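74CMS design flaw leads to database dump (subject to server environment restrictions)

Brief description: Detailed description: First, a quick primer on Windows short file names, which is what we will use below. WooYun: A design flaw in ThinkSAAS may allow the database to be dumped (limited by environment and feature conditions). See the primer in the vulnerability above; here we will use it directly. The 74cms database backup is as follows: //perform backup elseif$act =='dobackup' checkpermissions$SESSION'adminpurview',"database"; if !fileexists"../data/".$backupdir."/"adminmsg"备份文件存放目录data/".$backupdir."不存在!",0; if...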

7 AI score
Exploits 0
OSV
added 2014/04/30 2:22 p.m., 10 views

CVE-2014-0471

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...

6.4 AI score
Exploits 0, References 3
CVE
added 2014/04/30 2:00 p.m., 73 views

CVE-2014-0471

CVE-2014-0471 describes a directory-traversal in dpkg’s unpacking code (C-style filename quoting) that lets remote attackers write arbitrary files via a crafted source package. Affected are dpkg versions before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8. The root cause is mis-handlin...

5 CVSS, 6.5 AI score, 0.02856 EPSS
Exploits 0, References 3, Affected Software 2
Kitploit
added 2014/02/22 1:54 a.m., 47 views

[Havij 1.17] Automated and Advanced SQL Injection

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and...

9.4 AI score
Exploits 0
Check Point Advisories
added 2013/12/03 12:00 a.m., 2 views

ABB Test Signal Viewer CWGraph3D ActiveX Arbitrary File Creation (CVE-2013-5022)

An arbitrary file writing vulnerability exists in ABB Test Signal Viewer. The vulnerability is due to a directory traversal error in the exposed insecure method ExportStyle by the included CWGraph3D cw3dgrph.ocx ActiveX control. An attacker could exploit this vulnerability by enticing the target...

10 CVSS, 6.4 AI score, 0.0257 EPSS
Exploits 0
OSV
added 2013/10/17 6:49 p.m., 3 views

MGASA-2013-0305 Updated nmap package fixes CVE-2013-4885

Updated nmap packages fix security vulnerability: It is possible to write arbitrary files to a remote system, through a specially crafted server response for NMAP http-domino-enum-passwords.nse script from nmap before 6.40 CVE-2013-4885...

6.8 CVSS, 6.6 AI score, 0.07217 EPSS
Exploits 2, References 4
Tenable Nessus
added 2013/07/12 12:00 a.m., 43 views

Oracle Linux 5 : php (ELSA-2012-1045)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-1045 advisory. - fix issue in CVE-2012-0057 patch - fix memory handling in CVE-2012-0789 patch - add security fixes for CVE-2012-0057, CVE-2011-4153, CVE-2012-0789,...

6.4 CVSS, 8.2 AI score, 0.50723 EPSS
Exploits 15, References 6