Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)

Microsoft Internet Explorer 11 Windows 10 - VBScript Memory Corruption MS16-051 Source: https://github.com/theori-io/cve-2016-0189 CVE-2016-0189 Proof-of-Concept exploit for CVE-2016-0189 VBScript Memory Corruption in IE11 Tested on Windows 10 IE11. Write-up http://theori.io/research/cve-2016-018...

Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)

Source: https://github.com/theori-io/cve-2016-0189 CVE-2016-0189 Proof-of-Concept exploit for CVE-2016-0189 VBScript Memory Corruption in IE11 Tested on Windows 10 IE11. Write-up http://theori.io/research/cve-2016-0189 To run 1. Download support/.dll or compile .cpp for yourself and exploit/.html...

VideoLAN VLC Media Player 2.1.5 - DEP Access Violation

VideoLAN VLC Media Player 2.1.5 - DEP Access Violation Title : VLC Player 2.1.5 DEP Access Violation Vulnerability Discoverer: Veysel HATAS @muh4f1z Web page : www.binarysniper.net Vendor : VideoLAN VLC Project Test: Windows XP SP3 Status: Fixed Severity : High CVE ID : CVE-2014-9597 NIST:...

Microsoft Windows Kernel Intel x64 SYSRET PoC

No description provided by source. Source: http://packetstormsecurity.org/files/115908/sysret.rar This is proof of concept code that demonstrates the Microsoft Windows kernel Intel/x64 SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will grant NT SYSTEM...

Windows RSH daemon <= 1.8 - Remote Buffer Overflow Exploit

No description provided by source. Windows RSH daemon = 1.8 Remote Buffer Overflow Exploit Exploit-DB mirror: http://www.exploit-db.com/sploits/2008-prdelka-vs-MS-rshd.tar.gz milw0rm.com 2008-01-21...

TeamHelpdesk Customer Web Service (CWS) 8.3.5 & Technician Web Access (TWA) 8.3.5 - Remote User Credential Dump

No description provided by source. Exploit Title: Team Helpdesk Customer Web Service CWS Remote User Credential Dump exploit Exploit Title: Team Helpdesk Technician Web Access TWA Remote User Credential Dump exploit Date: May 5, 2014 Exploit Author: bhamb [email protected] Vendor Homepage:...

Symantec Endpoint Protection Manager 12.1.x - SEH Overflow POC

No description provided by source. Exploit-DB mirror: http://www.exploit-db.com/sploits/33056-sepm-secars-poc-v0.3.tar.gz !/usr/bin/perl -w Exploit Title: Symantec Endpoint Protection Manager 12.1.x - SEH Overflow POC Date: 31 January 2013 Exploit Author: [email protected] a.k.a...

TVT TD-2308SS-B DVR - Directory Traversal Vulnerability

No description provided by source. Exploit Title: TVT TD-2308SS-B DVR directory traversal Shodan Dork: Cross Web Server Date: 01 Dec 2013 Disclosure date: 10 Sep 2013 Exploit Author: Cesar Neira Vendor Homepage: http://en.tvt.net.cn/ Affected Firmware Versions: 3.1.43.B 3.1.43.P 3.1.6.P-1.0.2.1-0...

Microsoft Internet Explorer 10 - CMarkup Use-After-Free (MS14-012)

Microsoft Internet Explorer 10 - CMarkup Use-After-Free MS14-012 mxmlc.exe AsXploit.as -o AsXploit.swf Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/32851-AsXploit.as -- var garr = ; var arrLen = 0x250; function dword2datadword var d =...

plexusCMS 0.5 - Cross-Site Scripting Remote Shell Credentials Leak

plexusCMS 0.5 - Cross-Site Scripting Remote Shell Credentials Leak Exploit Title: plexusCMS 0.5 XSS Remote Shell Exploit Google Dork: allinurl: plx-storage Date: 22.02.2013 Exploit Author: neglomaniac Vendor Homepage: http://plexus-cms.org/ Version: 0.5 --- FILES backdoor.php simple commend execu...

Nginx 1.4.0 (Generic Linux x64) - Remote Overflow

nginx = 1.4.0 exploit for CVE-2013-2028 by sorbo Fri Jul 12 14:52:45 PDT 2013 ./brop.rb 127.0.0.1 for remote hosts: ./frag.sh ip ./brop.rb ip rm state.bin when changing host or relaunching nginx with canaries scan.py will find servers, reading IPs from ips.txt This is a generic exploit for 64-bit...

Nginx 1.4.0 (Generic Linux x64) - Remote Overflow

Nginx 1.4.0 Generic Linux x64 - Remote Overflow nginx = 1.4.0 exploit for CVE-2013-2028 by sorbo Fri Jul 12 14:52:45 PDT 2013 ./brop.rb 127.0.0.1 for remote hosts: ./frag.sh ip ./brop.rb ip rm state.bin when changing host or relaunching nginx with canaries scan.py will find servers, reading IPs...

VideoLAN VLC Media Player 2.1.3 - &#039;.avs&#039; Crash (PoC)

Exploit Title: VLC 2.1.3 WriteAV Vulnerability, Decoders Date: 2014/02/20 Exploit Author: kw4 Software Link: http://www.videolan.org/vlc/index.html Version: 2.1.3 Impact Med/High Tested on: Windows 7 64 bits Memory corruption when VLC tries to load crafted .avs files. 2b10.2750: Access violation ...

Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow

Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow Application:Notepad++ Version:6.5.2 UNICODE Get the application from: http://notepad-plus-plus.org/download/v6.5.2.html Plugin:CCompletion Version: Version 1.19 Unicode Get the plugin from:...

TVT TD-2308SS-B DVR - Directory Traversal

Exploit Title: TVT TD-2308SS-B DVR directory traversal Shodan Dork: "Cross Web Server" Date: 01 Dec 2013 Disclosure date: 10 Sep 2013 Exploit Author: Cesar Neira Vendor Homepage: http://en.tvt.net.cn/ Affected Firmware Versions: 3.1.43.B 3.1.43.P 3.1.6.P-1.0.2.1-03 3.1.75.B-1.0.2.1-00...

TVT TD-2308SS-B DVR - Directory Traversal

TVT TD-2308SS-B DVR - Directory Traversal Exploit Title: TVT TD-2308SS-B DVR directory traversal Shodan Dork: "Cross Web Server" Date: 01 Dec 2013 Disclosure date: 10 Sep 2013 Exploit Author: Cesar Neira Vendor Homepage: http://en.tvt.net.cn/ Affected Firmware Versions: 3.1.43.B 3.1.43.P...

IRIS Citations Management Tool - (Authenticated) Remote Command Execution

Here is a bug that I finally found time to write about :- https://infosecabsurdity.wordpress.com/2013/02/09/iris-citations-management-tool-post-auth-remote-command-execution/ The attached contains my mini framework, exploit and screenshot. Cheers! aeon I Read It Somewhere IRIS = v1.3 post auth...

Vice City Multiplayer Server 0.3z R2 - Remote Code Execution

Vice City Multiplayer Server 0.3z R2 - Remote Code Execution / Exploit Title: Vice City Multiplayer remote code execution Server Date: 22/08/2012 Exploit Author: Sasuke78200 Benjaa Toufik Software Link: http://www.vicecitymultiplayer.com/downloads/03zr2/server0.3zr2pawnwinupdated2.zip Version: 0....

Foxit Reader - COM Objects Memory Corruption Remote Code Execution

Bugtraq ID: 36673 Published: Oct 14 2009 12:00AM Updated: Nov 19 2009 03:25PM Credit: mrx Vulnerable: Foxit Reader 3.1.1 Build 0928 Foxit Foxit Reader 3.0.2009 1301 Foxit Foxit Reader 3.0 Build 1817 Foxit Foxit Reader 3.0 Build 1506 Foxit Foxit Reader 3.0 Foxit Reader is prone to a remote...

BibTeX - &#039;.bib&#039; File Handling Memory Corruption

Bugtraq ID: 34332 Class: Failure to Handle Exceptional Conditions Published: Apr 01 2009 12:00AM Updated: Nov 13 2009 03:46PM Credit: Vincent Lafevre Vulnerable: RedHat Linux 2.1 RedHat Fedora 9 0 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 5 RedHat Enterprise Linux WS 4 RedHat...