RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)
RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass) #!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass) Date: 01-09-2018 Vulnerable Software: RGui 3.5.0 Vendor Homepage: https://www.r-project.org/ Version: 3.5.0 Software Link:...
Windows 10 RCE (Sandbox Escape/Bypass ASLR/Bypass DEP) 0day Exploit
Affected OS: Windows 10 x86 x64 2 Vulnerable Target application versions and reliability. If 32 bit only, is 64 bit vulnerable? The vulnerability is present in the 32-bit and 64-bit versions of Windows 10 1507, 1511, 1607, 1703. With this vulnerability, you can remote code execute in the target...
MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer
MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer % Function Padding(intLen) Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape("%u4141") Next Padding = strRet End Function Function PackDWORD(strPoint) strTmp = replace(strPoin...
MyMp3 Player Stack .m3u DEP Bypass Exploit
No description provided by source. ''' Title: MyMp3-Player '.m3u' Stack BOF Bypass DEP Author: Daniel Romero Perez @danielrome Software & Version: MyMp3-Player 3.02.067 Tested on: Windows XP SP3 - ES Mail: [email protected] Blog: unlearningsecurity.blogspot.com Advisor:...
Firebird Relational Database CNCT Group Number Buffer Overflow
This Metasploit module exploits a vulnerability in Firebird SQL Server. A specially crafted packet can be sent which will overwrite a pointer allowing the attacker to control where data is read from. Shortly, following the controlled read, the pointer is called resulting in code execution. The...
MyMp3 Player Stack .m3u DEP Bypass Exploit
Exploit for windows platform in category local exploits ''' Title: MyMp3-Player '.m3u' Stack BOF Bypass DEP Author: Daniel Romero Perez @danielrome Software & Version: MyMp3-Player 3.02.067 Tested on: Windows XP SP3 - ES Mail: email protected Blog: unlearningsecurity.blogspot.com Advisor:...
MyMp3 Player Stack - '.m3u' File DEP Bypass
''' Title: MyMp3-Player '.m3u' Stack BOF Bypass DEP Author: Daniel Romero Perez @danielrome Software & Version: MyMp3-Player 3.02.067 Tested on: Windows XP SP3 - ES Mail: [email protected] Blog: unlearningsecurity.blogspot.com Advisor: https://www.securityfocus.com/bid/38835/info Article:...
MyMP3 Player .m3u Stack Buffer Overflow
''' Title: MyMp3-Player '.m3u' Stack BOF Bypass DEP Author: Daniel Romero Perez @danielrome Software & Version: MyMp3-Player 3.02.067 Tested on: Windows XP SP3 - ES Mail: [email protected] Blog: unlearningsecurity.blogspot.com Advisor: http://www.securityfocus.com/bid/38835/info Article:...
Design/Logic Flaw
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected...
Firefox 3.6.16 OBJECT mChannel Remote Code Execution (DEP bypass)
Exploit for windows platform in category remote exploits require 'msf/core' class Metasploit3 HttpClients::FF, :ua_minver => "3.6.16", :ua_maxver => "3.6.16", :os_name => OperatingSystems::WINDOWS, :javascript => true, :rank => NormalRanking, def initialize(info = {}) super(update_info(info, 'Name' => 'Mozilla...
Mozilla Firefox "nsTreeRange" Dangling Pointer Vulnerability
$Id: mozillanstreerange.rb 13148 2011-07-10 21:10:45Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Microsoft Internet Explorer - CSS Recursive Import Use-After-Free (MS11-003) (Metasploit)
$Id: ms11003iecssimport.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Microsoft WMI Administration Tools - ActiveX Buffer Overflow (Metasploit)
$Id: wmiadmintools.rb 11579 2011-01-14 16:25:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
Free CD to MP3 Converter 3.1 Buffer Overflow Exploit (Bypass DEP + SEH)
Exploit for windows platform in category local exploits ======================================================================= Free CD to MP3 Converter 3.1 Buffer Overflow Exploit Bypass DEP + SEH ======================================================================= Exploit Title: Free CD ...
Apple QuickTime 7.6.7 _Marshaled_pUnk Code Execution
$Id: applequicktimemarshaledpunk.rb 10196 2010-08-30 21:52:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Green Dam 3.17 URL Processing Buffer Overflow Exploit (meta)
No description provided by source. greendamurl.rb Green Dam URL Processing Buffer Overflow exploit for the Metasploit Framework Green Dam Youth Escort 3.17 successfully exploited on the following platforms: - Internet Explorer 6, Windows XP SP2 - Internet Explorer 7, Windows XP SP3 - Internet...