TerminatorX <= 3.81 stack overflow local root exploit

No description provided by source. / TerminatorX V. = 3.81 local root exploit by Li0n7 Typical local stack-based overflow Bugs discovered by c0wboy from 0x333 Contact Li0n7 voila fr Usage: ./terminatorX-exp -r RET-b -s STARTINGRET -r RET: no bruteforcing, try to execute shellcode with RET as retu...

Dedecms V5可执行文件上传漏洞

这是一个比较有意思的东西，但是成功利用起来并不容易，呵呵。 首先看configrglobals.php文件，摘的一段代码如下。这里作者本意是为了帮我们注册变量的，但是他却疏忽了我们不但能注册变量，还能覆盖一些变量。configrglobalsmagic.php也有同样的问题 ………………………………………………………………………… ifisarray$GET foreach$GET AS $key = $value $$key = $value; //可以覆盖任意变量 ………… …………………………………………………………………………...

Solaris 2.5.1/2.6/7/8 rlogin /bin/login Buffer Overflow Exploit (SPARC)

No description provided by source. / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright c 2004 Marco Ivaldi [email protected] Buffer overflow in login in various System V based operating systems ...

HP Instant Support 1.0.22 - HPISDataManager.dll StartApp ActiveX Control Insecure Method

HP Instant Support 1.0.22 - HPISDataManager.dll StartApp ActiveX Control Insecure Method source: https://www.securityfocus.com/bid/29533/info HP Instant Support 'HPISDataManager.dll' ActiveX control is prone to an insecure-method vulnerability. Successfully exploiting this issue allows remote...

Through the NOD of memory why so trouble-vulnerability warning-the black bar safety net

You want to move the hard drive inside the aio to elsewhere, always to NOD32 kill, depressing the ball. Is there any method to go around? The method is, of course, the key to see you have no creativity, hehe. nod32 virus scanning before will first look at the file suffix is not an executable file...

Windows Executable (PE) Files (CVE-2008-1437; CVE-2010-0233)

The Microsoft Malware Protection Engine provides the scanning, detection and cleaning capabilities for the following antivirus and antispyware clients: Windows Live OneCare, Microsoft Forefront Security, Microsoft Antigen, and Windows Defender. A denial of service vulnerability has been reported ...

CVE-2008-2110

Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request...

CVE-2008-1988

Unrestricted file upload vulnerability in the fileupload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file...

Nik Software Sharpener Pro vulnerable to privilege escalation

Overview The Nik Software Shapener Pro installs files with insecure permissions, which may allow a local attacker to elevate privileges. Description Nik Software Sharpener Pro is an Adobe Photoshop plug-in that provides image sharpening capabilities. The Nik Software Sharpener Pro installer sets...

xnview-overflow.txt

-------- XNview -------- Informations : Version : 1.92.1 Website : http://www.xnview.com/ Problem : Long Filename Overflow Description: XnView is an efficient multimedia viewer, browser, and converter. It supports more than 400 graphic file formats PNG, JPEG, TARGA, TIFF, GIF, BMP, and more...

win32 Download and Execute Shellcode Generator (browsers edition)

No description provided by source. !/usr/bin/perl $loadingurl=$ARGV0; chomp $loadingurl; my @buffer; if $loadingurl eq "" $sco = 'ERROR!!! Enter url to remote exe.'; buffergen$sco; print @buffer; exit; $c= generatechar0; $sco= "\xE8\x56\x00\x00\x00\x53\x55\x56\x57\x8B\x6C\x24\x18\x8B\x45"...

CVE-2008-1264

The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file...

CVE-2008-0805

Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures...

Design/Logic Flaw

Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering...

GE Fanuc Proficy Information Portal allows arbitrary file upload and execution

Overview GE Fanuc Proficy Information Portal allows authenticated users to upload arbitrary files. An attacker could upload an executable server-side script e.g., an .asp shell on a Microsoft Internet Information Server platform and execute arbitrary commands with the privileges of the web server...

Debian Security Advisory DSA 947-2 (clamav)

The remote host is missing an update to clamav announced via advisory DSA 947-2. A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system runnig ClamAV. In addition,...

Debian Security Advisory DSA 637-1 (exim-tls)

The remote host is missing an update to exim-tls announced via advisory DSA 637-1. OpenVAS Vulnerability Test $Id: deb6371.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 637-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 159-2 (python)

The remote host is missing an update to python announced via advisory DSA 159-2. OpenVAS Vulnerability Test $Id: deb1592.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 159-2 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 193-1 (kdenetwork)

The remote host is missing an update to kdenetwork announced via advisory DSA 193-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Fedora 7 : qimageblitz-0.0.4-0.3.svn706674.fc7 (2008-0463)

This update fixes qimageblitz not to needlessly require an executable stack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...