MundiMail 0.8.2 Remote Code Execution

No description provided by source. Reference: http://www.ccat.edu.mx/advisors/advisor5/advisor5.html Credits: Ccat Research Labs - México - Coatepec, Ver. www.ccat.edu.mx Software Link: http://sourceforge.net/projects/mundimail/ Tested on: Debian, Centos & Windows Server 2000 Preview: Code uses...

CVE-2009-2972

in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service memory consumption via unspecified vectors that trigger a "fork/exec bomb."...

KSP 2006 FINAL ( .M3U) Universal Local Buffer Exploit (SEH)

Exploit for unknown platform in category local exploits =========================================================== KSP 2006 FINAL .M3U Universal Local Buffer Exploit SEH =========================================================== !/usr/bin/perl by hack4love KSP 2006 FINAL .M3U Universal Local...

Information disclosure

PHP 5.2.5 does not enforce a openbasedir and b safemodeexecdir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the 1 exec, 2 system, 3 shellexec, 4 passthru, or 5 popen functions,...

MediaCoder 0.7.1.4486 (.lst) Universal Buffer Overflow Exploit (SEH)

No description provided by source. !/usr/bin/perl + Bug : MediaCoder 0.7.1.4486 .lst Universal Buffer overflow SEH + Author : germayax + Greetz : hack4love + tested on: sp3 EN win32exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com my $shellcode =...

Easy RM to MP3 Converter - '.m3u' Universal Stack Overflow

!/usr/bin/perl Easy RM to MP3 Converter .m3u file Universall Stack Overflow Exploit it's so diferent to the first exploit .pls by stack xd Alpha zrebti 3liha :d Thnx to Zigma & His0k4 & HOD my $header= "\x23\x45\x58\x54\x4D\x33\x55\x0D\x0A\x23\x45\x58\x54\x49\x4E\x46"...

httpd: AllowOverride Options=IncludesNoExec allows Options Includes

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring 1 Options Includes, 2 Options +Includes, or 3 Options +IncludesNOEXEC in a .htaccess file, and then...

PHP多个函数绕过safe_mode安全限制漏洞

BUGTRAQ ID: 35435 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 在安全模式下，PHP没有禁用exec、system、passthru和popen这四个函数，只是在 safemodeexecdir目录下执行。但当safemode=on且safemodeexecdir为空时（默认），PHP在处理这一过程中存在安全隐患，在windows下exec/system/passthru可以通过引入“\”来执行程序。 以exec函数为例分析源码： // exec.c PHPFUNCTIONexec...

PHP 5.2.10 safe_mode Bypass

PHP safemode bypass with exec/system/passthru Once again php public new version :php5.2.10 ,and it fix lots of bugs, like this : Bug 45997safemode bypass with exec/system/passthru incorrect fix php5.2.10 ... b = strrchrcmd, PHPDIRSEPARATOR; ifdef PHPWIN32 if b && b == '\' && b == cmd...

kernel: exit_notify: kill the wrong capable(CAP_KILL) check

The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...

Joomla RSGallery2 Backdoor

Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all sorts of obfuscated junk all the...

Soulseek 157 NS Remote Buffer Overflow Exploit (SEH)

No description provided by source. !/usr/bin/python x Bug :Soulseek 157 NS Remote Seh Overwrite Exploit x Credits & poc from : http://www.milw0rm.com/exploits/8777 x Tested on : Windows Xp sp3, Soulseek 157 NS 12d x The exploit attacks the user :"test4321" import struct import sys, socket from ti...

freebsd/x86-64 exec(""/bin/sh"") shellcode 31 bytes

No description provided by source. / | | | | | | | \ | | | | || |/ |/ | |/ / ' \ | | / | | | | | | | | | | | | | | | | || ||,|||\| || || \/||| http://www.hacknroll.com Description: FreeBSD x86-64 exec"/bin/sh" Shellcode - 31 bytes Authors: Maycon M. Vitali 0ut0fBound Milw0rm .:...

CastRipper 2.50.70 - .m3u Universal Stack Overflow (Python)

CastRipper 2.50.70 - .m3u Universal Stack Overflow Python !/usr/bin/python print "" print " CastRipper 2.50.70 .m3u Universal Stack Overflow Exploit\n" print " Refer: http://www.milw0rm.com/exploits/8660\n" print " Exploit code: super-cristal\n" print " Tested on: Windows XP Pro SP3\n" print "...

32bit FTP (09.04.24) (CWD Response) Universal Seh Overwrite Exploit

No description provided by source. !/usr/bin/python | || | / \ | | | | | | | | | - | | | / / | | |||| || // / |\ || Bug : 32bit FTP 09.04.24 CWD Response Universal Seh Overwrite Exploit Refer : http://www.milw0rm.com/exploits/8611 Tested on : Xp sp3 ENVB Exploited by : His0k4 Greetings : All...

CVE-2009-1527

Race condition in the ptraceattach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACEATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect credexecmutex object...

Race condition

Race condition in the ptraceattach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACEATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect credexecmutex object...

kernel: exit_notify: kill the wrong capable(CAP_KILL) check

The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...

Steamcast - HTTP Request Remote Buffer Overflow (SEH) (1)

Steamcast - HTTP Request Remote Buffer Overflow SEH 1 !/usr/bin/python Usage : steamcast.py victimeip Bug : SteamcastHTTP Request Remote Buffer Overflow Exploit SEH 1 Founder : Luigi Auriemma, thx to overflow3r for informing me about the vuln. Tested on : Xp sp2 fr Exploited by : His0k4 Greetings...

Gravity Board X 2.0 Beta - SQL Injection / (Authenticated) Code Execution

================================================================================ Found : brainpillow Dork : "Powered By Gravity Board X v2.0 BETA" Visit : brainpillow.cc, forum.antichat.ru, raz0r.name Mail : [email protected]...