CVE-2025-44952

A missing length check in ogspfcpsubnetadd function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the session.dnn field with a value with length greater than 101...

berliCRM 1.0.24 - 'src_record' SQL Injection

Exploit Title: berliCRM 1.0.24 - 'srcrecord' SQL Injection Google Dork: N/A Date: 2020-10-11 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.berlicrm.de Software Link: https://github.com/berliCRM/berlicrm/archive/1.0.24.zip Version: 1.0.24 Tested on: Kali Linux CVE : N/A ==========...

Mediacoder 0.7.5.4710 "Universal" SEH Buffer Overflow Exploit

No description provided by source. !/usr/bin/env python Mediacoder 0.7.5.4710 Universal SEH Buffer Overflow Exploit Coded By: DrIDE Found By: abhishek lyall Usage: Load the evil .m3u file and click on it. Download: http://www.exploit-db.com/application/14612 Tested On: Windows XPSP3 windows/exec ...

mcrypt 2.6.8 - Stack Buffer Overflow (PoC)

mcrypt 2.6.8 - Stack Buffer Overflow PoC !/usr/bin/env python mcrypt = 2.6.8 stack-based buffer overflow poc http://mcrypt.sourceforge.net/ the command line tool, not the library date: 2012-09-04 exploit author: ishikawa tested on: ubuntu 12.04.1 tech: it overflows in checkfilehead when decryptin...

PMSoftware Simple Web Server 2.1 - 'From:' Header Processing Remote Denial of Service

source: https://www.securityfocus.com/bid/42155/info PMSoftware Simple Web Server is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to stop responding, denying service to legitimate users. Simple Web Server 2.1 is vulnerable; other...

PHP upload - 'unijimpe' Arbitrary File Upload

|| || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ team wlhaan hacker | | // | | |...

PAD Site Scripts 3.6 - Insecure Cookie Handling

======================================================= +++++++++++++++++++ information +++++++++++++++++++++++ ======================================================= + Script :PAD Site Scripts v3.6 Insecure Cookie Handling Vulnerability + Found by : Mr.tro0oqy + C0ntact : [email protected]...

AdaptBB 1.0 - 'topic_id' SQL Injection / Credentials Disclosure

!/usr/bin/perl -w AdaptBB 1.0 topicid SQL Injection / Credentials Disclosure Exploit Description ----------- AdaptBB contains a flaw that allows an attacker to carry out an SQL injection attack. The issue is due to the inc/bb/topic.php script not properly sanitizing user-supplied input to the...

CJG EXPLORER PRO 3.2 - 'g_pcltar_lib_dir' Remote File Inclusion

S==A==U==D==I CJG EXPLORER PRO v3.2 pcltar.lib.phppcltrace.lib.php Remote File Include Vulnerabilities Found By : Mogatil , [email protected] Script Site : http://www.zascom.com/download/PHP/1868-CEP-PHP.ZIP File : /pcltar.lib.php include$gpcltarlibdir."/pclerror.lib.php"; File : /pcltrace.lib.php...

2020datashed.txt

vendor site:http://www.2020applications.com/ product:20/20 datashed bug:injection sql risk:high injection sql get : /f-email.asp?strPeopleID=1&itemID='sql /listings.asp?peopleID='sql /listings.asp?sortorder='sql laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: [email protected]...

Apple iTunes - Playlist Parsing Local Buffer Overflow

Apple iTunes - Playlist Parsing Local Buffer Overflow / PoC for iTunes on OS X 10.3.7 - [email protected] - Generates a .pls file, when loaded in iTunes it binds a shell to port 4444. Shellcode contains no \x00 or \x0a's. sample output: -nemo@gir:$ ./fm-eyetewnz foo.pls - fm-eyetewnz - -...

UNIX 7th Edition binmkdir - Local Buffer Overflow

UNIX 7th Edition binmkdir - Local Buffer Overflow / Exploit for /bin/mkdir Unix V7 PDP-11. mkdir has a buffer overflow when checking if the directory in /arg/with/slashes/fname exists. This will run /bin/sh with euid 0, but not uid 0. Since the shell doesn't do anything special about this, we don...

PHP-Nuke v 6.7 + Windows = File Upload

Informations : °°°°°°°°°°°°° Language : PHP Version : 6.7 Website : http://www.phpnuke.org Problem : File Upload PHP Code/Location : °°°°°°°°°°°°°°°°°°° modules/WebMail/mailattach.php :...

[ADV/EXP]: RH6.x root from bash /tmp vuln + MORE

Advisory: its been fixed, check some previous messages. bash1 /tmp vulns Also: uucp exploit - file creation/overwriting symlinks kinda exploit for man/makewhatis Requires: 1 local access to run the program 2 a crash or reboot to happened 3 /etc/cron.weekly/makewhatis.cron to be executed by cron 4...

redhat.lpr.txt

details of an exploit agains lpr-0.50-4 at least also affects other systems that may have the same print filters URL : http://crash.ihug.co.nz/Sneuro/lpd-adv.txt AFFECTS : lpr-0.50-4 & earlier SEVERITY : local ROOT possible. SYNOPSIS : escalation of group permissions, leading to exploit for every...

New Solaris root exploit for /usr/lib/lp/bin/netpr

Word on the street is that others have noticed this hole, so here goes. Have you noticed how many holes have been discovered in the printing system on Solaris? The netpr program is no exception. Included with this message are two exploits I wrote in 1999, one for SPARC versions of Solaris and the...

Hylafax Hylafax 4.0.2 - Local Buffer Overflow

// source: https://www.securityfocus.com/bid/765/info Hylafax is a popular fax server software package designed to run on multiple UNIX operating systems. Some versions of Hylafax ship with a vulnerable sub program 'faxalter'. This program is installed SUID UUCP and has a buffer overflow which if...

ps_expl.sh

--- psexpl.sh: cut here --- !/bin/sh Exploit for Solaris 2.5.1 /usr/bin/ps J. Zbiciak, 5/18/97 change as appropriate CC=gcc Build the "replacement message" :- cat psexpl.po psexpl.c include include include define BUFLENGTH 632 define EXTRA 256 int mainint argc, char argv char bufBUFLENGTH + EXTRA...