Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution
Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution Vulnerability in SkyBlueCanvas CMS. Vulnerability Type: Remote Command Injection. Version Affected: 1.1 r248-03 and probably prior versions. Discovered by: Scott Parish - Center for Internet Security. Vendor Information: SkyBlueCanvas is an...
Chrome Playing Hard to Get with Blackhole Exploit Kit
Google’s Chrome browser is something of a tough customer for the infamous and widely deployed Blackhole Exploit Kit, according to Blue Coat security researcher, Adnan Shukor. Shukor notes there has been an uptick in the kit’s use of plain HTML files, instead of iframes, to redirect users to explo...
Avid Media Composer 5.5 - Avid Phonetic Indexer Stack Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Avid Media Compos...
Wireshark packet-dect.c Stack Buffer Overflow
This module exploits a stack buffer overflow in Wireshark 'Wireshark packet-dect.c Stack Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in Wireshark MSFLICENSE, 'Author' = 'Paul Makowski', Initial discovery 'sickness', proof of concept 'corelanc0d3r ', rop explo...
Adobe Reader and Acrobat (CVE-2009-4324) Exploit
Author: Ahmed Obied [email protected]. This program generates a PDF file that exploits a vulnerability (CVE-2009-4324) in Adobe Reader and Acrobat. The generated PDF file was tested using Adobe Reader 9.2.0 on Windows XP SP3. The exploit's payload spawns the...
Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow
Fedora Core 6,7,8 exec-shield based Apache Tomcat Connector jk2-2.0.2 mod_jk2 remote overflow exploit by INetCop Security. Advanced exploitation in exec-shield Fedora Core case study URL: http://www.milw0rm.com/papers/151 IOActive Security Advisory: http://www.securityfocus.com/archive/1/487983...
Aigaion <= 1.3.3 (topic topic_id) Remote SQL Injection Vulnerability
Aigaion <= 1.3.3 SQL Injection Exploit. DISCOVERED BY: Cody "CypherXer...
Aigaion 1.3.3 - 'topic topic_id' SQL Injection
Aigaion <= 1.3.3 SQL Injection Exploit. DISCOVERED BY: Cody "CypherXero" Rester. PAYLOAD: Admin username a...
IBM Tivoli Provisioning Manager PRE AUTH Remote Exploit
#!/usr/bin/python IBM Tivoli Provisioning Manager PRE AUTH Remote Exploit. http://dvlabs.tippingpoint.com/advisory/TPTI-07-05 Tested on Windows 2003 Server SP0. Coded by Mati Aharoni [email protected] http://www.offensive-security.com/0day/ibm-ti-pro.py...
FreeWebShop 2.2 - index.php SQL Injection
FreeWebShop 2.2 - index.php SQL Injection source: https://www.securityfocus.com/bid/20887/info FreeWebShop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
SLX Server 6.1 - Arbitrary File Creation
#!/usr/bin/perl Proof of concept exploit: Arbitrary file creation for SLX server 6.1. Written by Carl Livitt, Agenda Security Services, June 2004. This exploit abuses the ProcessQueueFile command on SLX 6.1 others? servers to create arbitrary files on the filesystem of the SLX server. By using...
Unixware execve /bin/sh 95 bytes
Unixware execve /bin/sh 95 bytes. Shellcode exploit for unixware platform / UnixWare execve of /bin/sh by K2 / char shell = "\xeb\x48\x9a\xff\xff\xff\xff\x07\xff\xc3\x5e\x31\xc0\x89\x46\xb4" "\x88\x46\xb9\x88\x46\x07\x89\x46\x0c\x31\xc0\x50\xb0\x8d\xe8\xdf"...
Solaris 2.6/7.0 - lp -d Option Buffer Overflow
// source: https://www.securityfocus.com/bid/1143/info A buffer overrun has been discovered in the lp program, as included with Sun's Solaris 7 operating system. By passing well crafted, machine executable code of sufficient length to the -d option of lp, it becomes possible to execute arbitrary...