20 matches found
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Hp Power_Manager
As part of my OSCP preparation I came across CVE-2009-3999 HP P...
CVE-2018-25265 LanSpy 2.0.1.159 Local Buffer Overflow
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode,...
CVE-2018-25265
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode,...
CVE-2018-25265 LanSpy 2.0.1.159 Local Buffer Overflow
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode,...
PT-2026-34461
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode,...
CVE-2020-37001
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler SEH and uses ...
CVE-2020-37001 Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow (SEH Egghunter)
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler SEH and uses ...
EUVD-2020-30912
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler SEH and uses ...
CVE-2020-37001
CVE-2020-37001 affects Frigate Professional 3.36.0.9. The vulnerability is a local buffer overflow in the Pack File feature that allows an attacker to overflow the 'Archive To' input, overwriting the Structured Exception Handler (SEH) and enabling an egghunter-based payload to execute a reverse s...
CVE-2020-37000 Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to...
PT-2026-5277
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler SEH and uses ...
PT-2026-5276
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to...
X-NetStat Pro 5.63 Local Buffer Overflow
!/usr/bin/env python --------------------------------------------------------------------------------------------------------- Exploit: X-NetStat Pro 5.63 - Local Buffer Overflow EggHunter Date: 2019-03-23 Author: Peyman Forouzan Tested Against: Winxp SP2 32-64 bit - Win7 Enterprise SP1 32-64 bit...
McAfee ePolicy Orchestrator / ProtectionPilot Overflow
No description provided by source. $Id: mcafeeepolicysource.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...
ntpd 4.0.99j-k readvar - Buffer Overflow
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
EZHomeTech EzServer Stack Buffer Overflow Vulnerability
This module exploits a stack buffer overflow in the EZHomeTech EZServer for versions 6.4.017 and earlier. If a malicious user sends packets containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique. This...
NTP daemon readvar - Remote Buffer Overflow (Metasploit)
$Id: ntpoverflow.rb 10150 2010-08-25 20:55:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
NTPd Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'NTP daemon...
Xitami 2.5c2 Web Server If-Modified-Since Overflow
This module exploits a stack buffer overflow in the iMatix Corporation Xitami Web Server. If a malicious user sends an If-Modified-Since header containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique. Th...
Mercur Messaging 2005 SP3 IMAP Remote Exploit (egghunter mod)
No description provided by source. !/usr/bin/python Mercur Messaging 2005 SP3 IMAP service - Egghunter mod [email protected] http://www.offensive-security.com Original exploit by Winny Thomas Thanks Thomas, this code really came in handy ! VMWare seems to alter the stack a bit as the...