Xenorate 2.50 - (.xpl) universal Local Buffer Overflow Exploit (SEH) (meta)

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::FILEFORMAT include Msf::Exploit::Remote::Seh include Msf::Exploit::Egghunter def initializeinfo = superupdateinfoinfo, 'Name' = 'Xenorate 2.50.xpl universal Local Buffer Overflow...

Linux Kernel 2.6.x - Ext4 'move extents' ioctl Local Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37277/info Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. Exploits may allow attackers to execute arbitrary code with kernel-level privileges a...

Adobe Device Central CS5 DLL Hijacking Exploit (qtcf.dll)

No description provided by source. / Exploit Title: Adobe Device Central CS5 DLL Hijacking Exploit qtcf.dll Date: August 24, 2010 Author: Glafkos Charalambous glafkos@astalavistadotcom Version: Latest CS5 v3.0.0376 Tested on: Windows 7 x64 Ultimate Vulnerable extensions: .adcp Greetz: Astalavista...

TVT TD-2308SS-B DVR - Directory Traversal Vulnerability

No description provided by source. Exploit Title: TVT TD-2308SS-B DVR directory traversal Shodan Dork: Cross Web Server Date: 01 Dec 2013 Disclosure date: 10 Sep 2013 Exploit Author: Cesar Neira Vendor Homepage: http://en.tvt.net.cn/ Affected Firmware Versions: 3.1.43.B 3.1.43.P 3.1.6.P-1.0.2.1-0...

Aim Web Design Multiple Vulnerabilities

No description provided by source. ======================================================================= Aim Web Design Multiple Vulnerabilities ======================================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1...

Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit (x86/x64)

No description provided by source. / second verse, same as the first CVE-2009-2698 udpsendmsg, x86/x64 Cheers to Julien/Tavis for the bug, p0c73n1 for just throwing code at NULL and finding it executed This exploit is a bit more nuanced and thoughtful ; use ./therebel.sh for everything At this...

MoviePlay 4.82 - (.lst) Buffer Overflow

No description provided by source. !/usr/bin/env python MoviePlay 4.82 .lst Buffer Overflow Author: sickness Download : http://www.softpedia.com/get/Multimedia/Video/Video-Players/MoviePlay.shtml Previous version exploit can be found here: http://www.exploit-db.com/exploits/4051/ Tested : Windows...

[oss-security] OpenFiler - Arbitrary Code Execution &amp; Stored XSS

hi, Multiple vulnerabilities were discovered in the latest version of OpenFiler appliance, 2.99.1 as reported herehttps://forums.openfiler.com/index.php?/topic/6720-arbitrary-code-execution-stored-xss-vulnerability-in-openfiler-latest-version-2991/, here http://www.exploit-db.com/exploits/33247 a...

EFS Easy Chat Server 3.1 - Remote Stack Buffer Overflow

Exploit-DB Note: The offset to SEH is influenced by the installation path of the program. For this specific exploit to work, easy chat must be installed to: 'C:\Program Files\EFS Software\Easy Chat Server' Exploit Title: Easy Chat Server 3.1 stack buffer overflow Date: 9 May 2014 Exploit Author:...

McAfee Asset Manager Multiple Vulnerabilities

McAfee Asset Manager is prone to directory traversal and SQL injection vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Internet Explorer 10 - CMarkup Use-After-Free (MS14-012)

Microsoft Internet Explorer 10 - CMarkup Use-After-Free MS14-012 mxmlc.exe AsXploit.as -o AsXploit.swf Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/32851-AsXploit.as -- var garr = ; var arrLen = 0x250; function dword2datadword var d =...

MS14-012 Internet Explorer CMarkup Use-After-Free

mxmlc.exe AsXploit.as -o AsXploit.swf E-DB Note: http://www.exploit-db.com/sploits/32851-AsXploit.as -- var garr = ; var arrLen = 0x250; function dword2datadword var d = Numberdword.toString16; while d.length 8 d = '0' + d; return unescape'%u' + d.substr4, 8 + '%u' + d.substr0, 4; function eXpl v...

Microsoft Internet Explorer 10 - CMarkup Use-After-Free (MS14-012)

mxmlc.exe AsXploit.as -o AsXploit.swf Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/32851-AsXploit.as -- var garr = ; var arrLen = 0x250; function dword2datadword var d = Numberdword.toString16; while d.length 8 d = '0' + d; return unescape'%u...

Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability - Linux

Adobe Reader is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Adobe Reader 'Download Manager' Privilege Escalation Vulnerability - Mac OS X

Adobe Reader is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP

Exploit-DB Note: XPSP3 - my $eip = pack'V',0x7c868667; jmp ESP on kernel32.dll Date: Tue Apr 8 2014 Vendor link: http://www.blazevideo.com/download.htmm Software Link: http://www.blazevideo.com/download.php?product=BlazeDVDPro App Version: 6.1 Tested on: Windows XP service pack 2 en my $file=...

plexusCMS 0.5 - Cross-Site Scripting Remote Shell Credentials Leak

plexusCMS 0.5 - Cross-Site Scripting Remote Shell Credentials Leak Exploit Title: plexusCMS 0.5 XSS Remote Shell Exploit Google Dork: allinurl: plx-storage Date: 22.02.2013 Exploit Author: neglomaniac Vendor Homepage: http://plexus-cms.org/ Version: 0.5 --- FILES backdoor.php simple commend execu...

Pompem - Exploit Finder

Pompem is an open source tool, which is designed to automate the search for exploits in major databases. Developed in Python, has a system of advanced search, thus facilitating the work of pentesters and ethical hackers. In its current version, performs searches in databases: Exploit-db, 1337day,...

MP3Info 0.8.5a - Local Buffer Overflow (SEH)

Exploit Title: mp3info SEH exploit Date: 18 March 2014 Exploit Author: Ayman Sagy Vendor Homepage: http://ibiblio.org/mp3info/ Software Link: https://www.exploit-db.com/apps/cb7b619a10a40aaac2113b87bb2b2ea2-mp3info-0.8.5a.tgz Version: MP3Info 0.8.5 Tested on: Windows 7 Ultimate 64 and 32 bit CVE ...

Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20140311 Date: 11th March 2014 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: QNX Neutrino RTOS 6.5.0...