Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

192 matches found

Packet Storm
Packet Stormadded 2007/12/29 12:0 a.m.25 views

persists-addfolder.txt

I took a shot at writing an exploit for this, so here goes. Choice of WinExecthe calculator, what else? or a bindshell. ------------------------------- Persits Software XUpload Control AddFolder BoF Exploit function Check var buf = 'A'; while buf.length = 1387 buf = buf + 'A'; // win32exec -...

7.4AI score
Exploits0
seebug.org
seebug.orgadded 2007/12/20 12:0 a.m.16 views

win32 WinExec() Command Parameter 104+ bytes

No description provided by source. ; ; relocateable dynamic runtime assembly code example using hash lookup ; ; WinExec with ExitThread ; 104 bytes ; ; for testing: ; ; ml /c /coff /Cp wexec2.asm ; link /subsystem:windows /section:.text,w wexec2.obj ; ; wyse101 at gmail.com ; ; October 2006 ; .38...

7.1AI score
Exploits0
seebug.org
seebug.orgadded 2007/08/26 12:0 a.m.21 views

PHP FFI Extension 5.0.5 Local Safe_mode Bypass Exploit

No description provided by source. ?php ---------------------------------------------------- -----PHP FFI Extension Safemode Bypass Exploit----- ---------------------------------------------------- -Tested on 5.0.5------------------------------------...

7.1AI score
Exploits0
Prion
Prionadded 2007/08/25 12:17 a.m.12 views

Cross site scripting

The Foreign Function Interface ffi extension in PHP 5.0.5 does not follow safemode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does n...

4.3CVSS7.8AI score0.02955EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2007/08/25 12:17 a.m.17 views

CVE-2007-4528

The Foreign Function Interface ffi extension in PHP 5.0.5 does not follow safemode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does n...

4.3CVSS7.5AI score0.02955EPSS
Exploits0References1
CVE
CVEadded 2007/08/25 12:0 a.m.51 views

CVE-2007-4528

CVE-2007-4528 concerns PHP’s Foreign Function Interface (ffi) extension in PHP 5.0.5, which does not enforce safe_mode restrictions. This can let context-dependent attackers load an arbitrary DLL and call a function (e.g., kernel32.dll and WinExec), yielding arbitrary code execution in affected c...

4.3CVSS7.5AI score0.02955EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2007/08/25 12:0 a.m.25 views

CVE-2007-4528

The Foreign Function Interface ffi extension in PHP 5.0.5 does not follow safemode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does n...

7.5AI score0.02955EPSS
Exploits0References1
Packet Storm
Packet Stormadded 2007/08/24 12:0 a.m.26 views

phpffi-bypass.txt

?php ---------------------------------------------------- -----PHP FFI Extension Safemode Bypass Exploit----- ---------------------------------------------------- -Tested on 5.0.5------------------------------------ ----------------------------------------------------...

Exploits0
exploitpack
exploitpackadded 2007/08/23 12:0 a.m.15 views

PHP FFI Extension 5.0.5 - Safe_mode Local Bypass

PHP FFI Extension 5.0.5 - Safemode Local Bypass ?php ---------------------------------------------------- -----PHP FFI Extension Safemode Bypass Exploit----- ---------------------------------------------------- -Tested on 5.0.5------------------------------------...

0.3AI score
Exploits0
Exploit DB
Exploit DBadded 2007/08/23 12:0 a.m.132 views

PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local Bypass

Win...

7.4AI score
Exploits0
myhack58
myhack58added 2007/07/07 12:0 a.m.13 views

Not dead shellcode-exploit warning-the black bar safety net

HEE HEE,today the computer some of the things transferred to the mobile hard disk,find yourself previously voted over the few manuscript,crude see an article but there are a few articles or a little heat,simply submit to the evil eight,hope can be a friend in need some help...rookie write the dis...

7.8AI score
Exploits0
0day.today
0day.todayadded 2007/06/27 12:0 a.m.35 views

win32 Tiny Download and Exec Shellcode 192 bytes

Exploit for win32 platform in category shellcode ================================================ win32 Tiny Download and Exec Shellcode 192 bytes ================================================ ;Tiny Download&&Exec ShellCode codz czy 2007.6.1 ;header 163=6116+8+9+28+9568+27+17 ;163+19=192 comme...

7AI score
Exploits0
0day.today
0day.todayadded 2007/06/14 12:0 a.m.29 views

win32 download and execute 124 bytes

Exploit for win32 platform in category shellcode ==================================== win32 download and execute 124 bytes ==================================== ; ; relocateable dynamic runtime assembly code example using hash lookup for IE exploits only ; the URLMON.DLL must already be loaded int...

7AI score
Exploits0
seebug.org
seebug.orgadded 2007/06/14 12:0 a.m.15 views

win32 download and execute 124 bytes

No description provided by source. ; ; relocateable dynamic runtime assembly code example using hash lookup for IE exploits only ; the URLMON.DLL must already be loaded into the process space for this to work, so do not run on its own!! ; ; to test use /DTESTCODE in ml command line ; ;...

7.1AI score
Exploits0
0day.today
0day.todayadded 2007/03/28 12:0 a.m.13 views

Corel Wordperfect X3 13.0.0.565 (.PRS) Local Buffer Overflow Exploit

Exploit for unknown platform in category local exploits ==================================================================== Corel Wordperfect X3 13.0.0.565 .PRS Local Buffer Overflow Exploit ==================================================================== / wp13exp.c - Wordperfect X3 remote...

6.8AI score
Exploits0
0day.today
0day.todayadded 2007/03/25 12:0 a.m.24 views

PHP 5.2.1 with PECL phpDOC Local Buffer Overflow Exploit

Exploit for unknown platform in category local exploits ======================================================== PHP 5.2.1 with PECL phpDOC Local Buffer Overflow Exploit ======================================================== 0day.today 2018-03-14...

6.8AI score
Exploits0
0day.today
0day.todayadded 2007/03/09 12:0 a.m.26 views

PHP 4.4.6 snmpget() object id Local Buffer Overflow Exploit PoC

Exploit for unknown platform in category local exploits =============================================================== PHP 4.4.6 snmpget object id Local Buffer Overflow Exploit PoC =============================================================== 0day.today 2017-12-31...

6.8AI score
Exploits0
Exploit DB
Exploit DBadded 2007/03/09 12:0 a.m.28 views

PHP 4.4.6 - 'snmpget()' Object id Local Buffer Overflow

milw0rm.com 2007-03-09...

7.4AI score
Exploits0
seebug.org
seebug.orgadded 2007/03/08 12:0 a.m.25 views

PHP 4.4.6 crack_opendict() Local Buffer Overflow Exploit PoC

No description provided by source. ?php //PHP 4.4.6 crackopendict local buffer overflow poc exploit //win2k sp3 version / seh overwrite method //to be launched from the cli // by rgod // site: http://retrogod.altervista.org if !extensionloaded"crack" die"you need the crack extension loaded.";...

7.1AI score
Exploits0
exploitpack
exploitpackadded 2007/03/08 12:0 a.m.9 views

PHP 4.4.6 - crack_opendict() Local Buffer Overflow

PHP 4.4.6 - crackopendict Local Buffer Overflow milw0rm.com 2007-03-08...

0.7AI score
Exploits0
Rows per page
Query Builder