3386 matches found
UltraVNC w/ DSM Plugin Detection (2)
UltraVNC seems to be running on the remote port. Upon connection, the remote service on this port sends pseudo-random bytes. It is probably UltraVNC with the new DSM encryption plugin. This plugin tunnels the RFB protocol into an RC4 or AES encrypted stream. %NASLMINLEVEL 70300 C Tenable Network...
bsd/x86 setuid/execve shellcode 30 bytes
Exploit for bsd/x86 platform in category shellcode ======================================== bsd/x86 setuid/execve shellcode 30 bytes ======================================== / $Id: setuid-bsd.c,v 1.6 2004/06/02 12:22:30 raptor Exp $ setuid-bsd.c - setuid/execve shellcode for BSD/x86 Copyright c...
SAP Internet Communication Manager DoS
DoS on 264 bytes long URI if Web caching is used...
win32 Tiny Download and Exec Shellcode 192 bytes
win32 Tiny Download and Exec Shellcode 192 bytes. Shellcode exploit for win32 platform ;Tiny Download&&Exec ShellCode codz czy 2007.6.1 ;header 163=6116+8+9+28+9568+27+17 ;163+19=192 comment % -------------------------------------- Tiny Download&&Exec ShellCode-- --size 192 2007.06.01 codz: czy...
movieplay-overflow.txt
!/usr/bin/env ruby MoviePlay 4.76 .lst file Local buffer over-flow. Credit to n00b for writing poc code..Pmsl Tested on :Win xp sp2 eng. Vendor web site: Netfarer.com MoviePlay 4.76 Buffer-over flow reported : Jan 02 2007 12:00AM Credit goes to Parvez Anwar for finding the bug. MoviePlay is prone...
Ace-FTP Client 1.24a Remote Buffer Overflow PoC
Exploit for unknown platform in category dos / poc =============================================== Ace-FTP Client 1.24a Remote Buffer Overflow PoC =============================================== !/usr/bin/python Credit to n00b for finding the bug. Ace-Ftp client buffer over flow p0c. This is...
MoviePlay 4.76 - .lst Local Buffer Overflow
MoviePlay 4.76 - .lst Local Buffer Overflow !/usr/bin/env ruby MoviePlay 4.76 .lst file Local buffer over-flow. Credit to n00b for writing poc code..Pmsl Tested on :Win xp sp2 eng. Vendor web site: Netfarer.com MoviePlay 4.76 Buffer-over flow reported : Jan 02 2007 12:00AM Credit goes to Parvez...
win32 IsDebuggerPresent ShellCode NT/XP 39 bytes
win32 IsDebuggerPresent ShellCode NT/XP 39 bytes. Shellcode exploit for win32 platform / Shellcode Length: 39 bytes / / sets PEB-BeingDebugged to 0 / / IsDebuggerPresent/BeingDebugged bypass / / by ex-pb @ [email protected] / / greets: xgx and all i forgot / include include char ShellCode = "\xEB"...
MagicISO 5.4 (build239) - '.cue' File Local Buffer Overflow
/ -- poc/demo for magiciso exploit, found by n00b -- by: [email protected] -- original email reply comments: I actually looked into this when you posted this on milw0rm. I was able to get it to run arbitrary code, however it was so unreliable it wasn't worth me posting... however, it was informative...
CVE-2007-2292
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute...
linux/x86 raw-socket ICMP/checksum shell 235 byte
Exploit for linux/x86 platform in category shellcode ================================================= linux/x86 raw-socket ICMP/checksum shell 235 byte ================================================= ; ; Copyright c 2007 by ; ; 235-byte raw-socket ICMP/checksum shell - x86-lnx ; by mu-b - Nov...
CVE-2007-1649
PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed...
Mercur Messaging 2005 IMAP (SUBSCRIBE) Remote Exploit (win2k SP4)
No description provided by source. !/usr/bin/python Remote exploit for the stack overflow vulnerability in Mercur Messaging 2005 SP3 IMAP service. The exploit was tested on windows 2000 server SP4 in a Vmware environment. At the time of overflow EBX points to our shellcode. However this buffer in...
linux/x86 /sbin/iptables -F 40 bytes
Exploit for linux/x86 platform in category shellcode ==================================== linux/x86 /sbin/iptables -F 40 bytes ==================================== / By Kris Katterjohn 11/18/2006 40 byte shellcode to flush iptables for Linux x86 section .text global start start: ;...
ProSysInfo TFTP Server TFTPDWIN 0.4.2 - UDP Denial of Service
ProSysInfo TFTP Server TFTPDWIN 0.4.2 - UDP Denial of Service !/usr/bin/perl TFTPDWIN Server UDP DOS 0.4.2 POC written By : Umesh Wanve [email protected] ------------------------------------------------------------------------------- TFTPDWIN Server is a Freeware TFTP server for Windows 9x/NT/XP...
linux/x86 HTTP/1.x GET, Downloads and execve() 111 bytes+
No description provided by source. / linux/x86 - HTTP/1.x GET, Downloads and execve - 111 bytes+ This shellcode allows you to download an ELF executable straight off a standard HTTP server and launch it. It will be saved locally into a file named 'A' in the current directory. CONFIGURATION Th...
solaris/sparc connect-back (with XNOR encoded session) 600 bytes
No description provided by source. / black-RXenc-con-back-SOLARIS.c MIPS This is a relatively small 600 byte shellcode that encodes all network traffic between the exploited process and the attacker. All clear-text shell i/o is encoded using a simple NOT algo before being transmitted on the wire...
openbsd/x86 execve(/bin/sh) 23 bytes
No description provided by source. / OpenBSD/x86 Shellcode for: execve"/bin/sh", "/bin/sh", NULL 23 bytes hophet at gmail.com http://www.nlabs.com.br/hophet/ Fancy mappings by iruata souza muzgo iru.muzgo!gmail.com http://openvms-rocks.com/muzgo/ / include sys/types.h include sys/stat.h include...
solaris/sparc executes command after setreuid (92 bytes + cmd)
No description provided by source. / bunkersparcexec.c V1.0 - Sat Oct 21 17:45:27 CEST 2006 Solaris/sparc bytecode that executes command after setreuid 92 bytes + cmd setreuid0, 0 + execve"/bin/sh", "/bin/sh","-c","cmd", NULL; bunker - http://rawlab.mindcreations.com...
CVE-2007-0126
CVE-2007-0126 concerns Opera 9.02 where a heap-based overflow in processing a JPEG Define Huffman Table (DHT) marker can allow remote code execution. Connected advisories also reference CVE-2007-0127 related to a typecasting issue in Opera’s SVG handling. Mitigation documented in GLSA 200701-08 an...