Linux Kernel 2.6.x 'fasync_helper()' Local Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37806/info Linux kernel is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complet...

XBlast 2.6.1 HOME Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8296/info XBlast is contains a locally exploitable buffer overflow vulnerability due to insufficient bounds checking of data supplied via the HOME environment variable. Successful exploitation would allow a local user to...

Linux Kernel 2.2/2.4 Ptrace/Setuid Exec Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3447/info Linux contains a vulnerability in it's exec implementation that may allow for modification of setuid process memory via ptrace. The vulnerability is due to the fact that it is possible for a traced process to ex...

linux/x86 upload & exec 189 bytes

No description provided by source. UPLOAD & EXEC SHELLCODE 1 converting asm to hex 2 asm code 3 hex output 4 upload function This is an 'upload and exec' shellcode for the x86 platform. File has to be in executable format, cool if you know the distribution of the target, otherwise it is useless...

TinyPHPForum 3.6 UpdatePF.PHP Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19281/info TinyPHPForum is prone to an authentication-bypass vulnerability because it fails to prevent an attacker from accessing admin scripts directly without requiring authentication. A remote attacker can exploit this...

Safari JS JITed shellcode - exec calc (ASLR/DEP bypass)

No description provided by source. !-- JIT-SPRAY for Safari 4.0.5 - 5.0.0 JavaScript JIT SHELLCODE and spray for ASLR / DEP bypass Win x32 By Alexey Sintsov from Digital Security Research Group Special for Hack In The Box 2010 Amsterdam PAYLOAD - exec calc Tested on Windows7 and Windows XP. Sorry...

win32 Download & Exec Shellcode 226 bytes+

No description provided by source. / \ WINSHELLCODE / :: win32 download & exec shellcode :: \ :: by Darkeagle of Unl0ck Research Team http://exploiterz.org :: / :: to avoid 0x00 use ^^xor^^ : :: \ :: greets goes to: Sowhat, 0x557 guys, 55k7 guys, RST/GHC guys. :: / ::cya:: \ / include stdio.h...

JPEGView 1.0.29 - Crash PoC

No description provided by source. Title: JPEGView - Image Viewer and Editor RCE POC Date: 18 November'13 Author: Debasish Mandal https://twitter.com/debasishm89 Version: JPEGView v1.0.29 Download Link : http://sourceforge.net/projects/jpegview/ Vendor Patch : Patched in version v1.0.30 Issue...

CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit

No description provided by source. / CoolPlayer 2.19 Skin File Local Buffer Overflow Exploit Advisory: http://www.bmgsec.com.au/advisory/43/ Test box: WinXP Pro SP2 English Code reference is in skin.c, lines 464 - 480 Written and discovered by: r0ut3r writ3r at gmail.com / www.bmgsec.com.au /...

DNS Reverse Download and Exec Shellcode

No description provided by source. Shellcode: download and execute file via reverse DNS channel Features: Windows 7 tested UAC without work svchost.exe makes requests via getaddrinfo Firewall/Router/Nat/Proxy bypass reverse connection like dnscat do, but without sockets and stable! NO SOCKET DNS...

Linux kernel 2.2/2.4 procfs Stream Redirection to Process Memory Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2937/info The Linux /proc filesystem is a virtual filesystem provided by the Linux Kernel as an interface to some process and system information and parameters. Under certain circumstances, an access validation error may...

Radasm 2.2.1.6 - (.rap) Universal Buffer Overflow Exploit

No description provided by source. !/usr/bin/python + Radasm .rap Universal buffer overflow Exploit + Original : http://www.exploit-db.com/exploits/11392 + Exploit : Dzattacker [email protected] header1= \x5b\x50\x72\x6f\x6a\x65\x63\x74\x5d\x0d\x0a\x41\x73\x73\x65\x6d\x62\x6c\x65\x72...

GNU Mailutils imap4d 0.6 - Remote Format String Exploit (exec-shield)

No description provided by source. / Fedora Core 6 exec-shield based GNU imap4d mailutils-0.6 search remote format string exploit by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL: http://x82.inetcop.org/h0me/papers/FCexploit/FCexploit.txt Reference:...

PhpTax pfilez Parameter Exec Remote Code Injection

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

PHP Speedy <= 0.5.2 Wordpress Plugin (admin_container.php) Remote Code Exec Exploit

No description provided by source. ?php / php speedy = 0.5.2 wordpress plugin admincontainer.php Remote Code Exec Exploit vendor: http://aciddrop.com/ ------------------------------- May the stars be aligned! php.ini requirements: registerglobals=On allowurlinclude=On magicquotesgpc=Off...

sNews <= 1.5.30 Remote Reset Admin Pass / Command Exec Exploit

No description provided by source. ?php printr' --------------------------------------------------------------------------- sNews = 1.5.30 unauthorized access / reset admin pass / cmd exec exploit by rgod dork: Barbecued by sNews mail: retrog at alice dot it site: http://retrogod.altervista.org...

Backup Exec System Recovery Manager <= 7.0.1 File Upload Exploit

No description provided by source. ?xml version=1.0? html xmlns=http://www.w3.org/1999/xhtml headtitleFile Upload POC/title/head body h2 Backup Exec System Recovery Manager 7.0brFile Upload POC/h2 form action=https://TARGET:8443/axis/FileUpload method=post enctype=multipart/form-data Remote Path:...

phpBB <= 2.0.10 Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl use IO::Socket; @@@@@@@ @@@ @@@ @@@@@@ @@@ @@@ @@! @@@ @@! @@@ !@@ @@! @@@ @!@!!@! @!@ !@! !@@!! @!@!@!@! !!: :!! !!: !!! !:! !!: !!! : : : :.:: : ::.: : : : : phpBB = 2.0.10 remote commands exec exploit based on...

YaPiG 0.92 Remote Server-Side Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplied data. It is...

NetCat CMS Multiple Vulnerabilities

No description provided by source. Exploit Title: NetCat CMS Code exec, SQL-injection Google Dork: none Date: 28.11.2010 Author: brainpillow Software Link: http://netcat.ru/ Version: UNKNOWN On different versions of this software next vulnerabilities are availible:...