6033 matches found
CVE-2008-7247
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2)...
kernel: O_EXCL creates on NFSv4 are broken
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...
Dazzle Blast - Remote File Inclusion
Dazzle Blast - Remote File Inclusion o Dazzle Blast Remote File Inclusion Vulnerability Software : Dazzle Blast Download : http://www.dazzleblast.com/dazzleblast.zip Author : NoGe Contact : nogedotcodeatgmaildotcom Blog : http://evilc0de.blogspot.com/ Home : http://antisecurity.org/ o Vulnerable...
CuteFTP 8.3.3 - 'create new site' Local Buffer Overflow (PoC)
!/usr/bin/env python CuteFTP v8.3.3 Home/Pro/Lite Create New Site Local Buffer Overflow PoC Found By: DrIDE Download: http://www.cuteftp.com/downloads/ Tested On: Windows 7 RC, XP might be more shell friendly Notes: This PoC exploits the "Create New Site" mechanism. Any site type that you pick wi...
MySQL: Format string vulnerability by manipulation with database instances (crash)
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database...
PowerISO 4.0 Buffer Overflow
!/usr/bin/env python Poweriso 4.0 Local Buffer Overflow PoC Found By: DrIDE Tested On: XPSP3 Usage: Create New ISO, Add a New Folder, Paste to Rename Folder, Click Save Notes: This must have been fixed somewhere between 4.0 and 4.7 ''' EAX 00ADDDC0 ECX 00000000 EDX 00004000 EBX 00000000 ESP...
PowerISO 4.0 Local Buffer Overflow PoC
No description provided by source. !/usr/bin/env python Poweriso 4.0 Local Buffer Overflow PoC Found By: DrIDE Tested On: XPSP3 Usage: Create New ISO, Add a New Folder, Paste to Rename Folder, Click Save Notes: This must have been fixed somewhere between 4.0 and 4.7 ''' EAX 00ADDDC0 ECX 00000000...
Oracle Database Server REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection (CVE-2009-1021)
Oracle Database Server is an enterprise-level relational database application suite. An SQL injection vulnerability has been reported in Oracle Database server. Remote authenticated attackers having Create Session privileges can exploit this vulnerability to inject and execute malicious SQL...
Kolibri+ Webserver 2 Remote SEH Overwrite
!/usr/bin/python Could not get this to work on XP SP3. php5ts.dll is the only module with safe seh off but could not get the pop pop ret to work correctly despite the large number of usable addresses that were tested. $ ./kolibri.py 192.168.1.146 8080 Kolibri+ Webserver 2 SEH Overwrite Written by...
Enlightenment - Linux Null PTR Dereference Exploit Framework
Exploit for linux platform in category local exploits ============================================================ Enlightenment - Linux Null PTR Dereference Exploit Framework ============================================================ / enlightenment 200909092307 To create your own exploit modu...
CVE-2008-7193
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via uploadfiles/include.php or (2) create a new...
μTorrent (uTorrent) 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)
μTorrent uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow PoC !/usr/bin/env python uTorrent Create New Torrent - Paste string into "Source" field - Click "Add File" buff = "\x41" 9000 try: f1 = open"uTorrent.txt","w"; f1.writebuff; f1.close; print "\nuTorrent = 1.8.3 Build 15772...
Infinity 2.0.5 - Arbitrary Create Admin
Infinity 2.0.5 - Arbitrary Create Admin ?php printr' || || | || o,7 || . o7 || q||| o///, : / / . /QQQQQQQQQQQQQQQQQQQ\ q Infinity = 2.0.5 Create Admin /QQQ/\QQQ\ /QQQQQ/ \QQQQQQ\ q POST 3 /QQQQ/ QQQQ\ /QQQQ/ \QQQQ\ q Owned : |QQQQ/ By Qabandi \QQQQ| |QQQQ| |QQQQ| |QQQQ| From Kuwait, PEACE...
Using a low-privileged Oracle database account to gain OS access permissions - bug warning - the black bar safety net
Author: Mickey. These days I looked at a document called "Penetration: from application down to OS Oracle" and found it quite interesting. The document roughly means that if the ORACLE service is started using the administrator account, as long as you have resource and connect privileg...
Infinity 2.0.5 - Arbitrary Create Admin
?php printr' || || | || o,7 || . o7 || q||| o///, : / / . /QQQQQQQQQQQQQQQQQQQ\ q Infinity = 2.0.5 Create Admin /QQQ/\QQQ\ /QQQQQ/ \QQQQQQ\ q POST 3 /QQQQ/ QQQQ\ /QQQQ/ \QQQQ\ q Owned : |QQQQ/ By Qabandi \QQQQ| |QQQQ| |QQQQ| |QQQQ| From Kuwait, PEACE... |QQQQ| |QQQQ| |QQQQ| |QQQQ\ iqaahotmail.fr...
MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)
Exploit for multiple platform in category dos / poc ====================================================== MySQL = 4.0.0 are affected. function prototype: writeTHD thd, enumenumservercommand command, const char format, ... function call: writethd, command, packet; on line 2084: case COMCREATEDB: ...
MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String (PoC)
MySQL tested: Version 5.0.45 on CentOS Linux Format String Vulnerability MySQL General Available GA Release is vulnerable. Latest MySQL Version is not vulnerable since the bug is ifdef'ed off. from mysql-5.0.75 source mysql-5.0.75.tar.gz in the file libmysqld/sql_parse.cc this source code is also...
Integer overflow
Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of this information is...
CVE-2009-2369
Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of this information is...
MaxCMS 2.0 (m_username) Arbitrary Create Admin Exploit
No description provided by source. ?php printr' +---------------------------------------------------------------------------+ maxcms2.0 creat new admin exploit by Securitylab.ir +---------------------------------------------------------------------------+ '; if $argc 3 printr'...