356 matches found
solaris/SPARC execve /bin/sh 52 bytes
Exploit for solaris/sparc platform in category shellcode ===================================== solaris/SPARC execve /bin/sh 52 bytes ===================================== //Solaris/Sparc - LSD char shellcode= "\x20\xbf\xff\xff" / bn,a / "\x20\xbf\xff\xff" / bn,a / "\x7f\xff\xff\xff" / call /...
linux/x86 execve /bin/sh 29 bytes
Exploit for linux/x86 platform in category shellcode ================================= linux/x86 execve /bin/sh 29 bytes ================================= / c1999-2003 Shellcode Research http://www.shellcode.com.ar execve/bin/sh for linux x86 29 bytes by Matias Sedalo xorl %ebx, %ebx pushl %ebx...
Invision Gallery < 1.0.1 - SQL Injection
Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming...
Self-Executing FOLDERS: Windows XP Explorer Part V
Sunday, January 25, 2004 The following file is a 'folder' comprising both scripting and an executable .exe. We inject scripting and an executable into the 'folder' which is designed to point back to the executable in the 'folder' and execute it. Provided the 'folder' is an html file, Windows XP...
CVE-2003-1252
register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using ...
POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
Wednesday, November 5, 2003 In our never-ending quest for entertainment, we commence from this date forward to end-2004 our POS series of findings. That is the 'perfect operating system'. Today we debut and regurgitate new and not so new for fun as follows. A warm up for the New Year if you will !...
Microsoft Internet Explorer Self Executing HTML Arbitrary Code Execution Vulnerability
...
Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
Tuesday, February 25, 2003 We are delighted to learn that the original self-executing html file, from June 1 2002 is now fixed with the most current of the many patches for the Internet Explorer series of browsers. See: http://online.securityfocus.com/archive/1/275126 Regrettably. The following...
MSIE:"SaveRef" turns Zone off
MSIE:"SaveRef" turns Zone off. Digest: MSIE: you can execute jscript in any zone by saving the reference of "NewWindow.location.assign". content after the "exp" section is not directly related to the flaw, so skip it if you are in a hurry; tested: MSIEv6CN version IEXPLORE.EXE file version...
PHP: Bypass safe_mode and inject ASCII control chars with mail()
Product: PHP Version: 4.x up to 4.2.2 Vendor: http://www.php.net/ Author: Wojciech Purczynski Date: June 13, 2002 Updated: August 23, 2002 Released: August 21, 2002 Issue: Two vulnerabilities exist in mail PHP function. The first...
Self-Executing HTML: Internet Explorer 5.5 and 6.0
Saturday, June 01, 200 The following file is an html file comprising both scripting and a compiled help file .chm. We inject scripting into the actual help file which is designed to point back to the html file and execute it. Provided the html file name contains the 'word' chm in it, Internet...
HTML.cobble
Sunday, April 1, 2001 Default installation of Internet Explorer 5.5 with all of its so-called patches, service "packs" etc, still allows us to execute files on default installations of the target computer: Once Again: We cobble together new and old Components as follows : - 1. Courtesy of Georgi...
word-access.txt
Georgi Guninski security advisory 17, 2000 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook Systems affected: MS Word and MS Access 2000 with or without Service Release 1a IE and Outlook may be also used, but are not needed / Windows 98 - almost...
excel2000-exec.txt
Georgi Guninski security advisory 15, 2000 Excel 2000 vulnerability - executing programs Systems affected: Excel 2000/Win98 - almost sure other versions/OSes, have not tested Risk: High Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual...
Excel 2000 vulnerability - executing programs
Georgi Guninski security advisory 15, 2000 Excel 2000 vulnerability - executing programs Systems affected: Excel 2000/Win98 - almost sure other versions/OSes, have not tested Risk: High Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual...
ie5-chm.txt
Georgi Guninski security advisory 8, 2000 IE 5.x allows executing arbitrary programs using .chm files Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is not liable fo...