Veritas Backup Exec Name Service Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Veritas Back...

Veritas Backup Exec Agent Browser Registration Request Buffer Overflow (CVE-2004-1172)

Backup Exec is a backup solution offered by VERITAS. It provides both server-side and client side components and communication mechanisms for scalability and ease of administration purposes. The client-side component is known as the Backup Exec Agent. The Backup Exec Agent Browser is a server...

MundiMail 0.8.2 - Remote Code Execution

MundiMail 0.8.2 - Remote Code Execution Reference: http://www.ccat.edu.mx/advisors/advisor5/advisor5.html Credits: Ccat Research Labs - México - Coatepec, Ver. www.ccat.edu.mx Software Link: http://sourceforge.net/projects/mundimail/ Tested on: Debian, Centos & Windows Server 2000 Preview: Code...

MundiMail 0.8.2 Remote Code Execution

No description provided by source. Reference: http://www.ccat.edu.mx/advisors/advisor5/advisor5.html Credits: Ccat Research Labs - México - Coatepec, Ver. www.ccat.edu.mx Software Link: http://sourceforge.net/projects/mundimail/ Tested on: Debian, Centos & Windows Server 2000 Preview: Code uses...

CVE-2009-2972

in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service memory consumption via unspecified vectors that trigger a "fork/exec bomb."...

KSP 2006 FINAL ( .M3U) Universal Local Buffer Exploit (SEH)

Exploit for unknown platform in category local exploits =========================================================== KSP 2006 FINAL .M3U Universal Local Buffer Exploit SEH =========================================================== !/usr/bin/perl by hack4love KSP 2006 FINAL .M3U Universal Local...

Information disclosure

PHP 5.2.5 does not enforce a openbasedir and b safemodeexecdir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the 1 exec, 2 system, 3 shellexec, 4 passthru, or 5 popen functions,...

MediaCoder 0.7.1.4486 (.lst) Universal Buffer Overflow Exploit (SEH)

No description provided by source. !/usr/bin/perl + Bug : MediaCoder 0.7.1.4486 .lst Universal Buffer overflow SEH + Author : germayax + Greetz : hack4love + tested on: sp3 EN win32exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com my $shellcode =...

Easy RM to MP3 Converter - '.m3u' Universal Stack Overflow

!/usr/bin/perl Easy RM to MP3 Converter .m3u file Universall Stack Overflow Exploit it's so diferent to the first exploit .pls by stack xd Alpha zrebti 3liha :d Thnx to Zigma & His0k4 & HOD my $header= "\x23\x45\x58\x54\x4D\x33\x55\x0D\x0A\x23\x45\x58\x54\x49\x4E\x46"...

httpd: AllowOverride Options=IncludesNoExec allows Options Includes

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring 1 Options Includes, 2 Options +Includes, or 3 Options +IncludesNOEXEC in a .htaccess file, and then...

PHP多个函数绕过safe_mode安全限制漏洞

BUGTRAQ ID: 35435 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 在安全模式下，PHP没有禁用exec、system、passthru和popen这四个函数，只是在 safemodeexecdir目录下执行。但当safemode=on且safemodeexecdir为空时（默认），PHP在处理这一过程中存在安全隐患，在windows下exec/system/passthru可以通过引入“\”来执行程序。 以exec函数为例分析源码： // exec.c PHPFUNCTIONexec...

PHP 5.2.10 safe_mode Bypass

PHP safemode bypass with exec/system/passthru Once again php public new version :php5.2.10 ,and it fix lots of bugs, like this : Bug 45997safemode bypass with exec/system/passthru incorrect fix php5.2.10 ... b = strrchrcmd, PHPDIRSEPARATOR; ifdef PHPWIN32 if b && b == '\' && b == cmd...

kernel: exit_notify: kill the wrong capable(CAP_KILL) check

The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...

Joomla RSGallery2 Backdoor

Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all sorts of obfuscated junk all the...

Soulseek 157 NS Remote Buffer Overflow Exploit (SEH)

No description provided by source. !/usr/bin/python x Bug :Soulseek 157 NS Remote Seh Overwrite Exploit x Credits & poc from : http://www.milw0rm.com/exploits/8777 x Tested on : Windows Xp sp3, Soulseek 157 NS 12d x The exploit attacks the user :"test4321" import struct import sys, socket from ti...

freebsd/x86-64 exec(""/bin/sh"") shellcode 31 bytes

No description provided by source. / | | | | | | | \ | | | | || |/ |/ | |/ / ' \ | | / | | | | | | | | | | | | | | | | || ||,|||\| || || \/||| http://www.hacknroll.com Description: FreeBSD x86-64 exec"/bin/sh" Shellcode - 31 bytes Authors: Maycon M. Vitali 0ut0fBound Milw0rm .:...

CastRipper 2.50.70 - .m3u Universal Stack Overflow (Python)

CastRipper 2.50.70 - .m3u Universal Stack Overflow Python !/usr/bin/python print "" print " CastRipper 2.50.70 .m3u Universal Stack Overflow Exploit\n" print " Refer: http://www.milw0rm.com/exploits/8660\n" print " Exploit code: super-cristal\n" print " Tested on: Windows XP Pro SP3\n" print "...

32bit FTP (09.04.24) (CWD Response) Universal Seh Overwrite Exploit

No description provided by source. !/usr/bin/python | || | / \ | | | | | | | | | - | | | / / | | |||| || // / |\ || Bug : 32bit FTP 09.04.24 CWD Response Universal Seh Overwrite Exploit Refer : http://www.milw0rm.com/exploits/8611 Tested on : Xp sp3 ENVB Exploited by : His0k4 Greetings : All...

Race condition

Race condition in the ptraceattach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACEATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect credexecmutex object...

CVE-2009-1527

Race condition in the ptraceattach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACEATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect credexecmutex object...