2058 matches found
tmux '-S' Option Incorrect SetGID Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits --------------------------------------- | Team ph0x90bic proudly presents | | tmux -S 1.3/1.4 local utmp exploit | --------------------------------------- Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerabilit...
FreeBSD : isc-dhcp-client -- dhclient does not strip or escape shell meta-characters (7e69f00d-632a-11e0-9f3a-001d092480a4)
ISC reports: ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server like hostname before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client...
Xilisoft Video Converter Ultimate Buffer Overrun
!/usr/bin/perl Title : Xilisoft Video Converter Ultimate Buffer OverRun Author : KedAns-Dz E-mail : [email protected] Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : Windows Impact : Buffer OverRun Tested on : Windows XP Sp3 Fr Target : Xilisoft...
Cisco Secure Access Control System Password Modification Vulnerability
Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to modify user passwords. The vulnerability is due to improper security restrictions on user password change functions in the web-based management interface of the Cisco Secure ACS...
KMPlayer 2.9.3.1214 - .ksf Remote Buffer Overflow
KMPlayer 2.9.3.1214 - .ksf Remote Buffer Overflow source: https://www.securityfocus.com/bid/46608/info KMPlayer is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute...
iPhone MyDocs 2.7 Directory Traversal
---------------------------------------------------------------- Software : iPhone MyDocs 2.7 Type of vulnerability : Directory Traversal Tested On : iPhone 4 IOS 4.0.1 Risk of use : High ---------------------------------------------------------------- Program Developer :...
phpMyBitTorrent 2.0.4 - SQL Injection
phpMyBitTorrent 2.0.4 - SQL Injection Exploit Title: phpMyBitTorrent 2.0.4 SQL injection Google Dork: inurl:"user.php?op=register" Date: 14/FEB/2011 Author: [email protected] Software Link: http://sourceforge.net/projects/phpmybittorrent/ Version: 2.0.4 Tested on: nix...
Air Contacts Lite - HTTP Packet Denial of Service
Air Contacts Lite - HTTP Packet Denial of Service source: https://www.securityfocus.com/bid/46827/info Air Contacts Lite is prone to a denial-of-service vulnerability. Successful exploits may allow an attacker to crash the affected application, resulting in a denial-of-service condition...
AoA DVD Creator 2.5 - ActiveX Stack Overflow
AoA DVD Creator 2.5 - ActiveX Stack Overflow Exploit Title: AoA DVD Creator V2.5 Activex Date: February 07 2011 Author: Carlos Mario Penagos Hollmann Software Link: http://www.aoamedia.com/aoadvdcreator.exe Version: v2.5 Tested on: Windows xp sp3 running on VMware Fusion 3.1 and VirtualBox 3.2.8...
Rain Joe (YuQa) Network Information Feedback System YuQaIFS V1.0 0day vulnerability and fix
Publishing author: f4tb0y Affected versions: YuQaIFS V1.0 Vulnerability type: design flaw Vulnerability description: the vulnerable file is YuQaIFSSave.asp, which writes the submitted data directly to the database without any filtering. Home page: www.xxx.com/xx/index.asp (xx for this...
Microsoft Readies 'Critical' Windows, IE Patches
As part of this month’s Patch Tuesday schedule, Microsoft plans to ship a dozen bulletins with fixes for 22 vulnerabilities, some serious enough to allow hackers complete access to a vulnerable Windows machine. According to Microsoft’s advance notice, three of the 12 bulletins will be rated...
Sielco Sistemi Winlog server stack overflow
Overview Sielco Sistemi Winlog TCP/IP server contains a stack overflow vulnerability Description According to Sielco Sistemi's website: "Winlog is a software package for SCADA/HMI applications with web support, OPC client and a wide library of communication drivers and protocols for most PLCs...
WM Downloader 3.1.2.2 2010.04.15 - '.m3u' File Buffer Overflow (DEP Bypass)
!/usr/bin/env python WM Downloader 3.1.2.2 2010.04.15 .m3u Buffer Overflow + DEP Bypass Author: sickness Download : http://mini-stream.net/wm-downloader/ Tested : Windows XP Professional SP3 EN latest updates with IE8 and IE7 DATE : 29/01/2011 You might need to change the offset. The payload can ...
Microsoft Warns of MHTML Bug in Windows
Microsoft is warning its users about a dangerous flaw in the way that Windows handles certain MHTML operations, which could allow an attacker to run code on vulnerable machines. The bug affects all of the current versions of Windows, from XP up through Windows 7 and Windows Server 2008. Microsoft...
SiteScape Enterprise Forum 7 - TCL Injection
SiteScape Enterprise Forum 7 - TCL Injection !/usr/bin/env python """ -- coding: utf-8 -- sitescapesploit.py Copyright 2010 Spencer McIntyre This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...
Win32k Keyboard Layout Vulnerability
// My koala is staring at you CºgºD // Source: http://reversemode.com/index.php?option=comcontent&task=view&id=71&Itemid=1 include include include define MAGICOFFSET 0x6261 define InitializeUnicodeStrp,s \ p-Length= wcslens2; \ p-MaximumLength = wcslens2+2; \ p-Buffer = s; \ declspecnaked HKL...
Ecava IntegraXor web service allows directory traversal outside of web root
Overview Ecava IntegraXor contains a directory traversal vulnerability Description According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based HMI interface for a Supervisory Control and Data Acquisition (SCADA) system. Ecava IntegraXor runs a web service that...
Xynph FTP Server 1.0 - USER Denial of Service
Xynph FTP Server 1.0 - USER Denial of Service Exploit Title: Xynph 1.0 USER Denial of Service Exploit Date: 04.01.2011 Author: freakout Version: 1.0 Tested on: Windows XP SP3 Type: DOS/POC Greetings: anco, mahjong, puddy, st!x, war10ck, fraggle, DarthShredder, krzym, starslayer, db E-Mail:...
httpdasm 0.92 - Directory Traversal
httpdasm 0.92 - Directory Traversal ------------------------------------------------------------------------ Software................httpdASM 0.92 Vulnerability...........Directory Traversal Download................http://www.japheth.de/httpdASM.html Release Date............12/27/2010 Tested...
Web@all 1.1 - Remote Admin Settings Change
=========================================== Web@all Date: 27/12/2010 Site: http://www.giudinvx.altervista.org/ -------------------------------------------------------- Application Info: web@all 1.1 web@all is a CMS which is not similar to general CMS, you can build it easily by yourself...