Rockstar Games: Stored XSS in profile activity feed messages

The researcher was able to demonstrate a Stored XSS vulnerability in the Profile and Crew Feed endpoints. The exploit string worked because the researcher realized that certain obscure characters were not being converted to HTML entities properly. The exploit string was †‡•＜img src=a...

Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)

Quick Search 1.1.0.189 - search textbox Buffer Overflow SEH Unicode Egghunter !/usr/bin/perl = Exploit Title: Quick Search 1.1.0.189 'search textbox' Unicode SEH egghunter Buffer Overflow Date: 2015-04-23 Exploit Author: Tomislav Paskalev Vulnerable Software: Quick Search v1.1.0.189 Vendor...

Apple Mac OSX 10.4.7 (PPC) - fetchmail Local Privilege Escalation

Apple Mac OSX 10.4.7 PPC - fetchmail Local Privilege Escalation !/usr/bin/perl getpwnedmail.pl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom This is a canibalized version of "Kansas City POP Daemon Version 0.0" - Copyright c 1999 David Nicol kevin-finisterres-mac-min...

CuteNews 1.4.1 - categories.mdu Remote Command Execution

CuteNews 1.4.1 - categories.mdu Remote Command Execution !/usr/bin/perl cijfer-cnxpl - CuteNews All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-cnxpl.pl -h www.xxxx.org -d /news [email protected] /$ id;uname -a uid=48apache gid=48apache groups=48apache,29000webserving...

Ethereal 10.x - AFP Protocol Dissector Remote Format String

Ethereal 10.x - AFP Protocol Dissector Remote Format String / etherealv0.10.: AFP remote format string exploit. by: vade79/v9 [email protected] fakehalo/realhalo compile: gcc xethereal-afp-fmt.c -o xethereal-afp-fmt ethereal homepage/url: http://www.ethereal.com syntax: ./xethereal-afp-fmt -spSrPanc...