HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH)

!/usr/bin/python HP OpenView NNM 7.5.1 OVAS.EXE Pre Authentication SEH Overflow Tested on Windows 2003 Server SP1. Coded by Mati Aharoni muts..at..offensive-security.com http://www.offensive-security.com/0day/hp-nnm-ov.py.txt shameless plug This vulnerability was found, analysed and exploited as...

Alphanumeric Shellcode Encoder Decoder

Exploit for generator platform in category shellcode ====================================== Alphanumeric Shellcode Encoder Decoder ====================================== / //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////...

CVE-2007-3596

CVE-2007-3596 affects phpVideoPro up to version 0.8.7 (before 0.8.8). The vulnerability is in inc/vul_check.inc where the sess_id parameter accepts non‑alphanumeric characters. The impact is described as unknown (no explicit impact or attack vector details beyond a likely cross‑site scripting sug...

tinyidentd-overflow.txt

tinyidentd exploit code by thomas . pollet at gmail . com bug by Maarten Boone usage: python exploit.py target import socket,sys jmp into nop sled payload = '\xeb\x20' ident crap payload += ', 28 : USERID : UNIX : ' nop sled payload +='XXXX' jmp %esi payload += '\x77\x13\x83\x7c' XP kernel32.dll...

TinyIdentD <= 2.2 Remote Buffer Overflow Exploit

No description provided by source. tinyidentd exploit code by thomas . pollet at gmail . com bug by Maarten Boone usage: python exploit.py target import socket,sys jmp into nop sled payload = '\xeb\x20' ident crap payload += ', 28 : USERID : UNIX : ' nop sled payload +='XXXX' jmp %esi payload +=...

frontbase427-remote.txt

/ Dreatica-FXP crew ---------------------------------------- Target : Frontbase = 4.2.7 for Windows Site : http://www.frontbase.com Found by : Netragard, L.L.C Advisory ---------------------------------------- Exploit date : 25.03.2007 Exploit writer : Heretic2 [email protected] OS : Windows 20...

Frontbase <= 4.2.7 Remote Buffer Overflow Exploit (windows)

No description provided by source. / Dreatica-FXP crew ---------------------------------------- Target : Frontbase = 4.2.7 for Windows Site : http://www.frontbase.com Found by : Netragard, L.L.C Advisory ---------------------------------------- Exploit date : 25.03.2007 Exploit writer : Heretic2...

Frontbase 4.2.7 (Windows) - Remote Buffer Overflow

Frontbase 4.2.7 Windows - Remote Buffer Overflow / Dreatica-FXP crew ---------------------------------------- Target : Frontbase = 4.2.7 for Windows Site : http://www.frontbase.com Found by : Netragard, L.L.C Advisory ---------------------------------------- Exploit date : 25.03.2007 Exploit writ...

helix-1101.txt

/usr/bin/python Remote exploit for the vulnerability in Helix server v11.0.1 as described at http://gleg.net/helix.txt The exploit spawns a shell on TCP port 4444 and connects to it. At the time of overflow we control EAX which is used in a call as follows 00420C64: call dword ptr eax + 4 ECX...

caid-msgeng.txt

!/usr/bin/python This one was listed in the SANS TOP 20 and I needed an exploit for analysis. I couldnt find a reliable exploit for my analysis and so came up with this. Remote exploit for the CA BrightStor msgeng.exe service stack overflow vulnerability as described in LS-20060330.pdf on...

CA BrightStor ARCserve (msgeng.exe) Remote Stack Overflow Exploit

No description provided by source. !/usr/bin/python This one was listed in the SANS TOP 20 and I needed an exploit for analysis. I couldnt find a reliable exploit for my analysis and so came up with this. Remote exploit for the CA BrightStor msgeng.exe service stack overflow vulnerability as...

CA BrightStor ARCserve - msgeng.exe Remote Stack Overflow

CA BrightStor ARCserve - msgeng.exe Remote Stack Overflow !/usr/bin/python This one was listed in the SANS TOP 20 and I needed an exploit for analysis. I couldnt find a reliable exploit for my analysis and so came up with this. Remote exploit for the CA BrightStor msgeng.exe service stack overflo...

CA BrightStor ARCserve (msgeng.exe) Remote Stack Overflow Exploit

Exploit for unknown platform in category remote exploits ================================================================= CA BrightStor ARCserve msgeng.exe Remote Stack Overflow Exploit ================================================================= !/usr/bin/python This one was listed in the...

CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow

!/usr/bin/python This one was listed in the SANS TOP 20 and I needed an exploit for analysis. I couldnt find a reliable exploit for my analysis and so came up with this. Remote exploit for the CA BrightStor msgeng.exe service stack overflow vulnerability as described in LS-20060330.pdf on...

Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Remote Buffer Overflow

!/usr/bin/python Port bind exploit for apple quicktime rtsp vulnerability Tested on windows 2000 SP0 and SP4 with quicktime 7.1.3.100. Should be easy to port the exploit to others. All one needs to do is look for the appropriate jump address. Certain characters are not permitted in the shellcode...

Apple QuickTime (Windows 2000) - rtsp URL Handler Remote Buffer Overflow

Apple QuickTime Windows 2000 - rtsp URL Handler Remote Buffer Overflow !/usr/bin/python Port bind exploit for apple quicktime rtsp vulnerability Tested on windows 2000 SP0 and SP4 with quicktime 7.1.3.100. Should be easy to port the exploit to others. All one needs to do is look for the appropria...

CVE-2006-3016

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting XSS, and HTTP response splitting...

wmp_overflow.htm.txt

WMP Plugin EMBED Exploit // Windows Media Player Plug-In EMBED Overflow Universal Exploit MS06-006 // By Matthew Murphy [email protected] // // DISCLAIMER: // // This exploit code is intended only as a demonstration tool for // educational or testing purposes. It is not intended to be used for...

Microsoft Windows Media Player 10 - Plugin Overflow (MS06-006)

WMP Plugin EMBED Exploit // Windows Media Player Plug-In EMBED Overflow Universal Exploit MS06-006 // By Matthew Murphy [email protected] // // DISCLAIMER: // // This exploit code is intended only as a demonstration tool for // educational or testing purposes. It is not intended to be used for...

Alpha2 Alphanumeric Unicode Uppercase Encoder

Encodes payload as unicode-safe uppercase text. This encoder uses SkyLined's Alpha2 encoding suite. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/encoder/alpha2/unicodeupper' class MetasploitModule...