CVE-2002-1782

The default configuration of University of Washington IMAP daemon wu-imapd, when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user...

PeerCast 0.1211 - Remote Format String

PeerCast 0.1211 - Remote Format String / \ PeerCast \ / by Darkeagle darkeagle at linkin-park dot cc \ / uKt researcherz http://unl0ck.org \ / greetz goes to: uKt researcherz. \ / \ - smallest code - better code!!! / / include include include include include include include include include includ...

Golden FTP Server Pro 2.52 - Remote Buffer Overflow (2)

Golden FTP Server Pro 2.52 - Remote Buffer Overflow 2 / Golden FTP Server Pro remote stack BOF exploit author : c0d3r "kaveh razavi" [email protected] [email protected] risk : highly critical vender status : no patch released , all targets are vuln package : golden-ftp-server-pro 2.5.0.0 and...

AWStats 5.7 - 6.2 Multiple Remote Exploit (extra)

Exploit for cgi platform in category web applications ================================================= AWStats 5.7 - 6.2 Multiple Remote Exploit extra ================================================= / Awstats exploit "shell" code by omin0us omin0us208 at gmail dot com dtors security group .:...

AWStats 5.7 - 6.2 Multiple Remote Exploit (extra)

No description provided by source. / Awstats exploit "shell" code by omin0us omin0us208 at gmail dot com dtors security group .: http://dtors.ath.cx :. Vulnerability reported by iDEFENSE pluginmode bug has been found by GHC team. The awstats exploit that was discovered allows a user to execute...

ngIRCd 0.8.2 - Remote Format String

/ ngircdfsexp.c ngIRCd Use: ./ngircdfsexp -h options options: -h host or IP -p ircd port by default 6667 -t type of target system -g syslog GOT address -o offset RET addr by default 0x0806b000 -b brutefoce the RET address from 0x0806b000 + offset -l targets list root@servidor:/home/coki/audit...

ngIRCd <= 0.8.2 Remote Format String Exploit

Exploit for linux platform in category remote exploits ============================================ ngIRCd Use: ./ngircdfsexp -h options options: -h host or IP -p ircd port by default 6667 -t type of target system -g syslog GOT address -o offset RET addr by default 0x0806b000 -b brutefoce the RET...

goldenSploit.pl

For the millions that use this ftp server: http://www.goldenftpserver.com/ It has numerous cool features, like no authentication whatsoever, typos in error messages, buffer overflows etc... I just opened it up when my dog jumped on the keyboard and accidentally send a specially crafted packet to...

bnc -- remotely exploitable buffer overflow in getnickuserhost

A LSS Security Advisory reports: There is a buffer overflow vulnerability in getnickuserhost function that is called when BNC is processing response from IRC server. Vulnerability can be exploited if attacker tricks user to connect to his fake IRC server that will exploit this vulnerability. If t...

WvTFTPd 0.9 Remote Root Heap Overflow Exploit

Exploit for linux platform in category remote exploits ============================================= WvTFTPd 0.9 Remote Root Heap Overflow Exploit ============================================= / wvtftp option name heap overflow remote root exploit infamous42md AT hotpop DOT com exploitation is no...

WvTFTPd 0.9 Remote Root Heap Overflow Exploit

No description provided by source. / wvtftp option name heap overflow remote root exploit infamous42md AT hotpop DOT com exploitation is not exactly straight forward. When we overflow our buffer, we overwrite a pointer that is freed before we get to trigger our overwrite. so we have to restore th...

YahooPOPs <= 1.6 SMTP Remote Buffer Overflow Exploit

Exploit for unknown platform in category remote exploits ==================================================== YahooPOPs include include include include include include char scode = //Bind shell on port 101, taken from the windows exploit by class101 "\xEB"...

BSD bmon 1.2.1_2 - Local acls Bypass

!/usr/local/bin/bash Written by Idan Nahoum. [email protected] local exploit for FreeBSD/OpenBSD with bmon default: $BMONEXEC" "$" -gt "0" && BMONEXEC="$1" -x "$BMONEXEC" || echo "$BMONEXEC not found" exit cd /tmp apparently bmon closes stdout, so we run a shell with stdout redirected to stderr. cat...

1. Exploit for Cutenews 1.3 1.3.1 1.3.2, AND Bug in Cutenews v1.3.6

Cutenews v1.3 v1.3.1 v1.3.2 Shell exploit 2. bug-traq :: Cutenews 1.3.6 Shell Network security team nst.e-nex.com Title: shell in Cutenews 1.3.6 Bug found by: тёмыч Date: 7.09.2004 web: http://cutephp.com/ Бага работает толька в v1.3.6 Все ваши дальнейшие скрипты должны быть на хостинге каторый...

linux/x86 add user t00r 82 bytes

No description provided by source. / [email protected] 0x14abril0x7d2 82 bytes Agrega la linea "t00r::0:0::/:/bin/sh" en /etc/passwd Encriptada en http://www.shellcode.com.ar/linux/lnx-t00r-cr1.c / include stdio.h // Shellcode // Asm Code char shellcode= "\x31\xc0" // xorl %eax,%eax "\x50...

Trillian 0.74i MSN Module - Remote Buffer Overflow

Trillian 0.74i MSN Module - Remote Buffer Overflow / Cerulean Studios Trillian 0.74i Buffer Overflow in MSN module exploit created by Komrade - unsecure altervista org Written for Windows 2000 / Windows XP. Tested on Windows XP Professional sp0. This exploit spawn a shell on port 5555, you have...

Courier-IMAP 3.0.2-r1 - &#039;auth_debug()&#039; Remote Format String

/ courier-imap = 3.0.2-r1 Remote Format String Vulnerability exploit Author: ktha at hush dot com Tested on FreeBSD 4.10-RELEASE with courier-imap-3.0.2 Special thanks goes to andrewg for providing the FreeBSD box. Greetings: all the guys from irc pulltheplug com and irc netric org bash-2.05b$...

PHP < 4.0.4 php.cgi Shell Access Overflow

Binary data 1482.prm...

GV PostScript Viewer - Remote Buffer Overflow (1)

/ gv postscript viewer exploit , infamous42md AT hotpop DOT com run of the mill bof. spawns a remote shell on port 7000. woopty doo. if someone has been able to exploit the heap overflow in cfengine, please email me and teach me something. after days of pain i've concluded it's not possible b/c y...

OpenFTPd 0.30.1 - message system Remote Shell

/ shouts to mitakeet :D exploit for openftpd format string bug. tested on most current version only. -infamous42md AT hotpop DOT com is real email only tricky part is find a place to stick the shell, as there isn't enough room to send it with the format string. thankfully when using the 'site msg...