4067 matches found
VFAT compat ioctls DoS on 64-bit
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kerneldirent struct and cause a denial of service system crash via unknown vectors...
AtomixMP3 2.3 (pls File) Local Buffer OverFlow Exploit
Exploit for unknown platform in category local exploits. AtomixMP3 2.3 pls File Local Buffer OverFlow Exploit. 0x77394540 jmp esp in mswsock.dll Winxp Pro Version 2002 exploit : A x 516 +EI...
OTSTurntables 1.00 (m3u File) Local Buffer Overflow Exploit
No description provided by source. ?php / OTSTurntables 1.00 Buffer OverFlow 0days 224 bytes available for shellcode, you can replace it with your favourite one, 0x77394540 jmp esp in shell32.dll Winxp sp0 exploit : A x 277 +EIP - jmp esp - 4 + Nops -10 + Shellcode -224 if you want to exploit th...
OtsTurntables 1.00 - '.m3u' Local Buffer Overflow
?php / OTSTurntables 1.00 Buffer OverFlow 0days 224 bytes available for shellcode, you can replace it with your favourite one, 0x77394540 jmp esp in shell32.dll Winxp sp0 exploit : A x 277 +EIP - jmp esp - 4 + Nops -10 + Shellcode -224 && if you want to exploit this vul with SEH, take some inf...
Live for Speed S1/S2/Demo (.spr file) Buffer Overflow Exploit
No description provided by source. / 0day Live for speed patch x s2 /s1 and demo local .Spr File buffer overflow. Spr files are also exploitable, although I had to go about it a different way. At first it wasn't possible to do a jmp esp, but with a little more buffer I managed to get it to point to...
PHP 5.x (win32service) Local Safe Mode Bypass Exploit
No description provided by source. ?php PHP Safemode bypass exploit win32service Note: Tested on 5.2.1 Author: NetJackal Email: nima501atyahoodotcom Website: http://netjackal.by.ru ...
CVE-2007-4004
CVE-2007-4004 affects the IBM AIX ftp client (bundled with AIX 5.3 SP6 and 5.2.0). A local buffer overflow in the ftp client occurs from gets() calls, and because the ftp client runs setuid root, an unprivileged local user can exploit it to execute arbitrary code with root privileges. Public advi...
6ALBlog (newsid) Remote SQL Injection Vulnerability
No description provided by source. +By CrackersChild+ Portal.......: 6ALBlog All Versions Download.....: http://down.otand.com/download/code/php/blog/6alblog.rar Author.......: CrackersChild Class........: Remote SQL Injection and Remote File...
Code injection
daemon.c in cman redhat-cluster-suite before 20070622 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests...
Acoustica MP3 CD Burner 4.32 - Local Buffer Overflow (PoC)
/ Credits to n00b for finding this bug and poc. Acoustica MP3 CD Burner 4.32 local buffer-overflow poc code. Date : May 31st 2007 Tested: On win xp sp 2. Acoustica is prone to a buffer-overflow when parsing a .asx playlist file. If you can entice someone to open a specially crafted .asx play li...
CVE-2007-2553
CVE-2007-2553 affects HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6. The issue is an unspecified vulnerability that lets local users gain privileges by providing a large amount of data in the environment, demonstrated by a long environment variable. The connected sources confirm the affected version...
IrfanView 3.99 .ANI File Local Buffer Overflow Exploit (multiple targets)
Exploit for unknown platform in category local exploits. IrfanView 3.99 .ANI File Local Buffer Overflow Exploit multiple targets. / IrfanView 3.99 .ANI...
Man Command - -H Flag Local Buffer Overflow
Man Command - -H Flag Local Buffer Overflow // source: https://www.securityfocus.com/bid/23355/info The 'man' command is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. NOTE: Presumably, this...
IrfanView 3.99 (.ANI File) Local Buffer Overflow Exploit
No description provided by source. / IrfanView 3.99 .ANI File Buffer Overflow IrfanView is vulnerable to a buffer overflow when opening a crafted .ani file. The overflow occurs while it is creating a snapshot of the file. This exploit launches calc.exe. Tested against Win XP SP2 FR. Have Fun! Cod...
readfile() Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4
SecurityRisk : DEN Remote Exploit : No Local Exploit : Yes Exploit Given : Yes Credit : The-WolF-kSA Date : 24.3.2007 Affected Software : PHP 5.2.1/ 5.1.6 / 4.4.4 readfile Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4 Author: ThE-WoLf-KsA Date: - -Written: 24.3.2007 - --- 0.Description --- - --- 1...
Linux Kernel DCCP Multiple Local Information Disclosure Vulnerabilities
Linux is an open-source operating system. Linux's DCCP support has multiple issues that a local attacker can exploit to access sensitive information. The problem is in the dodccpgetsockopt function in net/dccp/proto.c: ----------------------- static int dodccpgetsockoptstruct sock sk, int level, int optname, char user optval, int user optlen ... if getuserlen, optlen return -EFAULT; if len sizeofint return...
php-readfile.txt
SecurityRisk : DEN Remote Exploit : No Local Exploit : Yes Exploit Given : Yes Credit : The-WolF-kSA Date : 24.3.2007 Affected Software : PHP 5.2.1/ 5.1.6 / 4.4.4 readfile Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4 Author: ThE-WoLf-KsA Date: - -Written: 24.3.2007 - --- 0.Description --- - --- 1...
PHP 5.2.1 with PECL phpDOC Local Buffer Overflow Exploit
No description provided by source. ?php //PHP 5.2.1 with PECL phpDOC confirmphpdoccompiled local buffer overflow poc exploit //WIN 2K SP3 version / seh overwrite method //to be launched from the cli // by rgod // site: http://retrogod.altervista.org if !extensionloaded"phpDOC"...
PHP < 4.4.5 / 5.2.1 _SESSION unset() Local Exploit
No description provided by source. ?php // Proof of concept code from the Hardened-PHP...