DivX Player <= 6.7.0 SRT File Buffer Overflow PoC
No description provided by source. DIVX Player <= 6.7.0 Buffer Overflow PoC .SRT Bug: When parsing a subtitle file with an overly long subtitle DIVX player will deadly crash with eip overwritten: Replace MOVIEFILENAME by your movie filename .avi #!/usr/local/bin/perl my $file=MOVIEFILENAME.srt; my...
GDAM123 0.933/0.942 Filename Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5578/info The GDAM123 command-line MP3 player is prone to a buffer overflow condition when handling overly long filenames. Under some circumstances, the player may be installed setuid root to allow unprivileged users to r...
Opera 6.0.x/7.0 Long File Name Remote Heap Corruption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7450/info A vulnerability has been reported for Opera versions 7.10 and earlier. The problem is said to occur due to insufficient bounds checking on filename extensions. As a result, it may be possible for an attacker to...
Microsoft IIS/PWS CGI Filename Double Decode Command Execution
No description provided by source. $Id: ms01026dbldecode.rb 11513 2011-01-08 00:25:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...
Dia 0.8x/0.9x Filename Remote Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18078/info Dia is prone to a remote format-string vulnerability. This issue arises when the application handles specially crafted filenames. An attacker can exploit this vulnerability by crafting a malicious filename that...
RARLAB WinRar 2.90/3.x UUE/XXE Invalid Filename Error Message Format String
No description provided by source. source: http://www.securityfocus.com/bid/15062/info WinRAR is prone to multiple remote vulnerabilities. These issues include a format string and a buffer overflow vulnerability. Successful exploitation may allow an attacker to execute arbitrary code on a...
MPlayer <= 1.0pre4 GUI filename handling Overflow Exploit
No description provided by source. /* c0ntex open-security org */ #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <arpa/inet.h> #include <netinet/in.h> #include <sys/types.h> #include <sys/socket.h> #define SUCCESS 0 /* True */ #define FAILURE 1 /* False */ #define ABANNER...
Unalz 0.x Archive Filename Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15577/info The 'unalz' utility is prone to a buffer-overflow vulnerability. This issue is exposed when the application extracts an ALZ archive that contains a file with a long name. An attacker could exploit this...
Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/8128/info It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API. Because of this, an attacker may be able to gain access to the SYSTEM account. /* tac0tac0.c - pay no...
Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005) (2)
No description provided by source. sploit creater by [email protected] ms06-005 advisory proof of concept heap overflow in wmf.dll @ 0x0035920a denial of service, cuz we can't get this to play nice shamelessly stolen from CANVAS code def intelorderi: str= a=chri % 256 i=i 8 b=chri % 256 i...
Windows 2000/95/98/NT 4.0 Long Filename Extension Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1259/info Windows 95, 98, NT and 2000 suffer from a number of related buffer overflows that can result in a crash if a filename with an extension longer than 128 characters is accessed. Although arbitrary code could be...
NOCC Webmail <= 1.0 (Local Inclusion) Remote Code Execution Exploit
No description provided by source. <?php ---noccw10inclxpl.php 8.22 23/02/2006 NOCC Webmail <= 1.0 remote commands execution exploit through arbitrary local inclusion & attachment filename prediction coded by rgod site: http://retrogod.altervista.org - works regardless of any magic_quotes_gpc setting...
RARLAB WinRAR 3.x LHA Filename Handling Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19043/info WinRAR is susceptible to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This vulnerability allow...
WinRAR Filename Spoofing
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/zip' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT...
Elxis 'filename' Parameter Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37158/info Elxis is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could ai...
Microsoft Internet Explorer 5 'INPUT TYPE=FILE' Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2045/info One of the ways users submit information to remote websites is through the INPUT type form options. Users can upload files to remote webservers with the input type=FILE option. Due to a design error in the...
GNU a2ps 4.13 File Name Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11025/info Reportedly GNU a2ps is affected by a filename command-execution vulnerability. This issue is due to the application's failure to properly sanitize filenames. An attacker might leverage this issue to execute...
Softek MailMarshal 4, Trend Micro ScanMail 1.0 SMTP Attachment Protection Bypass
No description provided by source. source: http://www.securityfocus.com/bid/3097/info At least two SMTP gateway products have been identified which contain flaws in the handling of restricted filetypes as attachments. An attacker can insert extraneous characters in the filename extension of a...
MS IIS 3.0/4.0/5.0 PWS Escaped Characters Decoding Command Execution (7)
No description provided by source. source: http://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before...
Write-to-file Shellcode (Win32)
No description provided by source. ; Write-to-file Shellcode ; ; This shellcode was used in the exploit for: CVE-2010-0425 ; Supported: Windows 2000, WinXP, Server 2003, Server 2008, Vista, Windows 7 ; ; Size: 278 bytes ;...