FreeBSD : bnc -- remotely exploitable buffer overflow in getnickuserhost (9be819c6-4633-11d9-a9e7-0001020eed82)

A LSS Security Advisory reports : There is a buffer overflow vulnerability in getnickuserhost function that is called when BNC is processing response from IRC server. Vulnerability can be exploited if attacker tricks user to connect to his fake IRC server that will exploit this vulnerability. If...

[Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability

Multiple Vendor Cacti configsettings.php Remote Code Execution Vulnerability iDEFENSE Security Advisory 06.22.05 www.idefense.com/application/poi/display?id=266&type=vulnerabilities June 22, 2005 I. BACKGROUND Cacti is a round-robin database RRD tool that helps create graphs from database...

CVE-2002-1782

The default configuration of University of Washington IMAP daemon wu-imapd, when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user...

PeerCast 0.1211 - Remote Format String

PeerCast 0.1211 - Remote Format String / \ PeerCast \ / by Darkeagle darkeagle at linkin-park dot cc \ / uKt researcherz http://unl0ck.org \ / greetz goes to: uKt researcherz. \ / \ - smallest code - better code!!! / / include include include include include include include include include includ...

Golden FTP Server Pro 2.52 - Remote Buffer Overflow (2)

Golden FTP Server Pro 2.52 - Remote Buffer Overflow 2 / Golden FTP Server Pro remote stack BOF exploit author : c0d3r "kaveh razavi" [email protected] [email protected] risk : highly critical vender status : no patch released , all targets are vuln package : golden-ftp-server-pro 2.5.0.0 and...

AWStats 5.7 - 6.2 Multiple Remote Exploit (extra)

Exploit for cgi platform in category web applications ================================================= AWStats 5.7 - 6.2 Multiple Remote Exploit extra ================================================= / Awstats exploit "shell" code by omin0us omin0us208 at gmail dot com dtors security group .:...

AWStats 5.7 - 6.2 Multiple Remote Exploit (extra)

No description provided by source. / Awstats exploit "shell" code by omin0us omin0us208 at gmail dot com dtors security group .: http://dtors.ath.cx :. Vulnerability reported by iDEFENSE pluginmode bug has been found by GHC team. The awstats exploit that was discovered allows a user to execute...

ngIRCd <= 0.8.2 Remote Format String Exploit

Exploit for linux platform in category remote exploits ============================================ ngIRCd Use: ./ngircdfsexp -h options options: -h host or IP -p ircd port by default 6667 -t type of target system -g syslog GOT address -o offset RET addr by default 0x0806b000 -b brutefoce the RET...

ngIRCd 0.8.2 - Remote Format String

/ ngircdfsexp.c ngIRCd Use: ./ngircdfsexp -h options options: -h host or IP -p ircd port by default 6667 -t type of target system -g syslog GOT address -o offset RET addr by default 0x0806b000 -b brutefoce the RET address from 0x0806b000 + offset -l targets list root@servidor:/home/coki/audit...

goldenSploit.pl

For the millions that use this ftp server: http://www.goldenftpserver.com/ It has numerous cool features, like no authentication whatsoever, typos in error messages, buffer overflows etc... I just opened it up when my dog jumped on the keyboard and accidentally send a specially crafted packet to...

bnc -- remotely exploitable buffer overflow in getnickuserhost

A LSS Security Advisory reports: There is a buffer overflow vulnerability in getnickuserhost function that is called when BNC is processing response from IRC server. Vulnerability can be exploited if attacker tricks user to connect to his fake IRC server that will exploit this vulnerability. If t...

WvTFTPd 0.9 Remote Root Heap Overflow Exploit

Exploit for linux platform in category remote exploits ============================================= WvTFTPd 0.9 Remote Root Heap Overflow Exploit ============================================= / wvtftp option name heap overflow remote root exploit infamous42md AT hotpop DOT com exploitation is no...

WvTFTPd 0.9 Remote Root Heap Overflow Exploit

No description provided by source. / wvtftp option name heap overflow remote root exploit infamous42md AT hotpop DOT com exploitation is not exactly straight forward. When we overflow our buffer, we overwrite a pointer that is freed before we get to trigger our overwrite. so we have to restore th...

YahooPOPs <= 1.6 SMTP Remote Buffer Overflow Exploit

Exploit for unknown platform in category remote exploits ==================================================== YahooPOPs include include include include include include char scode = //Bind shell on port 101, taken from the windows exploit by class101 "\xEB"...

BSD bmon 1.2.1_2 - Local acls Bypass

!/usr/local/bin/bash Written by Idan Nahoum. [email protected] local exploit for FreeBSD/OpenBSD with bmon default: $BMONEXEC" "$" -gt "0" && BMONEXEC="$1" -x "$BMONEXEC" || echo "$BMONEXEC not found" exit cd /tmp apparently bmon closes stdout, so we run a shell with stdout redirected to stderr. cat...

1. Exploit for Cutenews 1.3 1.3.1 1.3.2, AND Bug in Cutenews v1.3.6

Cutenews v1.3 v1.3.1 v1.3.2 Shell exploit 2. bug-traq :: Cutenews 1.3.6 Shell Network security team nst.e-nex.com Title: shell in Cutenews 1.3.6 Bug found by: тёмыч Date: 7.09.2004 web: http://cutephp.com/ Бага работает толька в v1.3.6 Все ваши дальнейшие скрипты должны быть на хостинге каторый...

linux/x86 add user t00r 82 bytes

No description provided by source. / [email protected] 0x14abril0x7d2 82 bytes Agrega la linea "t00r::0:0::/:/bin/sh" en /etc/passwd Encriptada en http://www.shellcode.com.ar/linux/lnx-t00r-cr1.c / include stdio.h // Shellcode // Asm Code char shellcode= "\x31\xc0" // xorl %eax,%eax "\x50...

Trillian 0.74i MSN Module - Remote Buffer Overflow

Trillian 0.74i MSN Module - Remote Buffer Overflow / Cerulean Studios Trillian 0.74i Buffer Overflow in MSN module exploit created by Komrade - unsecure altervista org Written for Windows 2000 / Windows XP. Tested on Windows XP Professional sp0. This exploit spawn a shell on port 5555, you have...

Courier-IMAP 3.0.2-r1 - &#039;auth_debug()&#039; Remote Format String

/ courier-imap = 3.0.2-r1 Remote Format String Vulnerability exploit Author: ktha at hush dot com Tested on FreeBSD 4.10-RELEASE with courier-imap-3.0.2 Special thanks goes to andrewg for providing the FreeBSD box. Greetings: all the guys from irc pulltheplug com and irc netric org bash-2.05b$...

PHP < 4.0.4 php.cgi Shell Access Overflow

Binary data 1482.prm...