CuteNews 1.3 - Comment HTML Injection
source: https://www.securityfocus.com/bid/10750/info CutePHP is reported prone to an HTML injection vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to comment posts are not...
Unreal Tournament 2004 - 'Secure' Remote Overflow (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Unreal...
Microsoft Windows Server 2000 - Universal Language Utility Manager (MS04-019)
/ COROMPUTER2004 Crpt Utility Manager exploit v1.666 modified by kralor Crpt It gets system language and sets windows names to work on any win2k :P Feel free to add other languages : You know where we are.. COROMPUTER2004 / / original disclaimer / //by Cesar Cerrudo sqlsecat include struct int id...
MS Windows 2K POSIX Subsystem Privilege Escalation Exploit (MS04-020)
Exploit for unknown platform in category local exploits / Microsoft Windows POSIX Subsyst...
Microsoft Windows Server 2000 - POSIX Subsystem Privilege Escalation (MS04-020)
/ Microsoft Windows POSIX Subsystem Local Privilege Escalation Exploit MS04-020 Tested on windows 2k sp4 CN,NT/XP/2003 NOT TESTED Posixexp.c By bkbll bkbll cnhonker net,bkbll tom com www cnhonker com 2004/07/16 thanks t...
[EXPL] IBM AIX Inventory Scout Log File Vulnerability (invscoutd)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Microsoft Internet Explorer 5.0.1 - Popup.show Mouse Event Hijacking
source: https://www.securityfocus.com/bid/10690/info A vulnerability exists in Microsoft Internet Explorer that may permit a malicious Web page to hijack mouse events. This could potentially be exploited to trick an unsuspecting user into performing unintended actions such as approving pop-up...
MPlayer 1.0pre4 GUI - Filename handling Overflow
/ c0ntex open-security org / include include include include include include include include include define SUCCESS 0 / True / define FAILURE 1 / False / define ABANNER "MPlayerMeMPlayerMediaMayhem" define ALIGN 0 / Stack address alignment / define BUFFER 544 / Exactly overwrite EIP / define EIPW...
Subversion 1.0.2 - svn_time_from_cstring() Remote Overflow
/ subversion-1.0.2 exploit by Gyan Chawdhary ... exploits a stack overflow in the svn_time_from_cstring function. We build a date format which is valid but at the same time exits after the sscanf function, or else it branches into another functio...
UNIX 7th Edition /bin/mkdir - Local Buffer Overflow
/ Exploit for /bin/mkdir Unix V7 PDP-11. mkdir has a buffer overflow when checking if the directory in /arg/with/slashes/fname exists. This will run /bin/sh with euid 0, but not uid 0. Since the shell doesn't do anything special about this, we don...
CVS Remote Entry Line Root Heap Overflow Exploit
Exploit for solaris platform in category remote exploits include include include include include include include include include include include inclu...
Subversion 1.0.2 - 'svn_time_from_cstring()' Remote Overflow
/ subversion-1.0.2 exploit by Gyan Chawdhary ... exploits a stack overflow in the svn_time_from_cstring function. We build a date format which is valid but at the same time exits after the sscanf function, or else it branches into another function which segfaults at the apr_pool_t pool. We overwrite o...
[NT] WinAgents TFTP Server Remote DoS (Long Filename)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
SP Research Labs Advisory 13
SP Research Labs Advisory x13 - Orenosv HTTP/FTP Server Denial Of Service. Versions: orenosv059f Vendor: http://hp.vector.co.jp/authors/VA027031/orenosv/indexen.html Date Released - 5.25.2004 ...
Orenosv HTTP/FTP Server 0.5.9 - GET Denial of Service (1)
// source: https://www.securityfocus.com/bid/10420/info Orenosv HTTP/FTP server is prone to a denial of service vulnerability that may occur when an overly long HTTP GET request is sent to the server. When the malicious request is handled, it is reported that both the HTTP and FTP daemons will st...
[Full-Disclosure] Bug in PaX Linux Kernel 2.6 Patches
http://www.cr-secure.net Found by: borg ChrisR- A small bug in PaX was found. What is PaX? ----------------------- PaX is a collection of intrusion prevention patches for the Linux Kernel 2.2, 2.4, and 2.6. This advisory only affects the PaX patches for the 2.6 linux kernel. PaX is located at...
ICUII 7.0 Local Password Disclosure Exploit
Exploit for unknown platform in category local exploits / ICUII 7.0 Local Password Disclosure Exploit by Kozan Application: ICUII 7.0 and probably prior versions...
Microsoft Windows - Lsasrv.dll RPC Remote Buffer Overflow (MS04-011)
include pragma commentlib,"mpr.lib" pragma commentlib, "ws232" unsigned char scode = "\xEB\x10\x5B\x4B\x33\xC9\x66\xB9\x25\x01\x80\x34\x0B\x99\xE2\xFA" "\xEB\x05\xE8\xEB\xFF\xFF\xFF"...
MS Windows IIS 5.0 SSL Remote buffer overflow Exploit (MS04-011)
Exploit for unknown platform in category remote exploits // / THCIISSLame 0.3 - IIS 5 SSL remote root...
Linux Kernel 2.6.3 - 'setsockopt' Local Denial of Service
/ setsockopt proof of concept code by Julien TINNES julien a.t cr0.org vulnerability found as always by Paul Starzetz This is only a lame POC which will crash the machine, no root shell here. Maybe later, when everybody will have an updated box. It should work on 2.6.1, 2.6.2 and 2.6.3 kernels...