Lucene search
+L

546 matches found

Exploit DB
Exploit DB
added 2009/01/01 12:0 a.m.23 views

Linux/x86 - setuid(0) + chmod(/etc/shadow, 0666) Shellcode (37 bytes)

Linux/x86 - setuid0 + chmod/etc/shadow, 0666 Shellcode 37 bytes. Shellcode exploit for Linuxx86 platform / Title: linux/x86 setuid0 + chmod"/etc/shadow", 0666 Shellcode 37 Bytes Type: Shellcode Author: antrhacks Platform: Linux X86 / / ASSembly 31 db xor %ebx,%ebx b0 17 mov $0x17,%al cd 80 int...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/01/01 12:0 a.m.23 views

Linux/x86 - execve(/bin/sh,0,0) Shellcode (21 bytes)

Linux/x86 - execve/bin/sh,0,0 Shellcode 21 bytes. Shellcode exploit for Linuxx86 platform / linux/x86 execve"/bin/sh",0,0 21 bytes http://www.gonullyourself.org sToRm / char shellcode = // "\x31\xc9" // xor %ecx,%ecx "\xf7\xe1" // mul %ecx "\x51" // push %ecx "\x68\x2f\x2f\x73\x68" // push...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/01/01 12:0 a.m.21 views

Linux/x86 - Remote File Download Shellcode (42 bytes)

Linux/x86 - Remote File Download Shellcode 42 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux x86 - Remote file Download - 42 bytes Author: Jonathan Salwan Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan !Database of Shellcodes...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2008/11/11 12:0 a.m.108 views

VMware产品Trap Flag处理本地权限提升漏洞

BUGTRAQ ID: 32168 CVECAN ID: CVE-2008-4915 VMWare是一款虚拟PC软件,允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。 VMWare在处理指令的执行时存在问题,攻击者可能利用此漏洞提升自己的权限。如果在设置了Trap Flag的情况下出现中断,正确的CPU将执行转移到中断处理器之前会清除Trap Flag。对于受影响的VMware版本,如果内核态IRET设置了Trap Flag的话,则在执行单字节INT 3指令的时候Trap Flag在模式切换后仍继续存在,这造成的结果就是如果能够导致内核通过IRET设置Trap...

6.9CVSS6.5AI score0.00408EPSS
Exploits1
seebug.org
seebug.org
added 2008/10/25 12:0 a.m.80 views

Count.cgi(wwwcount)远程缓冲区溢出漏洞

BugCVE: CVE-1999-0021 BUGTRAQ: 128 Count.cgi wwwcount是一个非常流行的Web站点跟踪统计CGI程序。一般它作为Web页面点击数统计。1997年10月,这个程序被发现了两个远程漏洞。第一个漏洞比较轻微,它能允许远程用户浏览到受限制的.GIF文件,可能泄漏.GIF文件里潜在的敏感数据。 第二个漏洞比较严重,count.cgi程序在处理QUERYSTRING环境变量的时候存在缓冲区溢出漏洞。远程攻击者可以发送一个超长的请求给程序就能进行溢出攻击,以Web用户的权限在系统执行任意命令。 2.3 Muhammad A. Muquit...

7.5CVSS6.6AI score0.2667EPSS
Exploits1
seebug.org
seebug.org
added 2008/04/03 12:0 a.m.70 views

CUPS gif_read_lzw()函数GIF文件处理缓冲区溢出漏洞

BUGTRAQ ID: 28544 CVECAN ID: CVE-2008-1373 Common Unix Printing System CUPS是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 CUPS处理畸形格式的GIF文件时存在漏洞,远程攻击者可能利用此漏洞控制服务器。 CUPS打印系统所使用的GIF解析代码直接从GIF图形中读取了codesize值,且没有经过验证便用于初始化gifreadlzw中的表格数组,这可能导致静态溢出。...

5.8CVSS0.5AI score0.02171EPSS
Exploits2
Prion
Prion
added 2007/05/02 5:19 p.m.15 views

Design/Logic Flaw

Parallels allows local users to cause a denial of service virtual machine abort via 1 certain INT instructions, as demonstrated by INT 0xAA; 2 an IRET instruction when an invalid address is at the top of the stack; 3 a malformed MOVNTI instruction, as demonstrated by using a register as a...

6.1CVSS6.9AI score0.00598EPSS
Exploits0References5
NVD
NVD
added 2007/05/02 5:19 p.m.23 views

CVE-2007-2455

Parallels allows local users to cause a denial of service virtual machine abort via 1 certain INT instructions, as demonstrated by INT 0xAA; 2 an IRET instruction when an invalid address is at the top of the stack; 3 a malformed MOVNTI instruction, as demonstrated by using a register as a...

6.1CVSS6.4AI score0.00598EPSS
Exploits0References5
Metasploit
Metasploit
added 2007/04/28 7:0 p.m.20 views

OS X Command Shell, Reverse TCP Inline

Connect back to attacker and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 65 include Msf::Payload::Single include Msf::Payload::Osx include...

0.3AI score
Exploits0
Oracle linux
Oracle linux
added 2007/04/04 12:0 a.m.34 views

Important: XFree86 security update

4.3.0-120.EL.0.1 - Add oracle detection to Imake. 4.3.0-120.EL - add cve-2007-1351.patch 234056 4.3.0-119.EL - Add int-overflow.patch 231684 - comment out requirement on fonts-base as that is an unreleased change. 4.3.0-118.EL - Add cve-2007-1003.patch 232996 4.3.0-117.EL - Make xfs depend on...

9CVSS2.6AI score0.05586EPSS
Exploits0
Oracle linux
Oracle linux
added 2007/04/04 12:0 a.m.50 views

Important: xorg-x11 security update

6.8.2-1.EL.13.37.0.1 - Add Enterprise Linux detection 6.8.2-1.EL.13.37.7 - Add cve-2007-1351.patch 234056 6.8.2-1.EL.13.37.6 - Add cve-2007-1003.patch 233000 - Add int-overflow.patch 231693 6.8.2-1.EL.13.37.5 - Add xorg-x11-6.8.2-sorted-xkbcomp-dirs.patch to fix rpmdiff multilib failure...

9.3CVSS4.4AI score0.05586EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/01/17 12:0 a.m.21 views

Fedora Core 5 : libwmf-0.2.8.4-5.1 (2006-805)

CVE-2006-3376 int overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenab...

7.5CVSS6.3AI score0.07745EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2006/11/16 12:0 a.m.27 views

linux/x86 - execve/bin/sh 22 bytes

linux/x86 execve/bin/sh 22 bytes. Shellcode exploit for linx86 platform / revenge-execve.c, v1.0 2006/10/14 16:32 Yet another linux execve shellcode.. linux/x86 execve"/bin//sh/","/bin//sh",NULL shellcode http://www.0xcafebabe.it But this time it's 22 bytes We could start the shellcode with a mov...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/04/17 12:0 a.m.18 views

linux/x86 execve(/bin/sh) + RIFF Header 28 bytes

No description provided by source. / linux/x86 - execve"/bin/sh", "/bin/sh", NULL + RIFF Header - 28 bytes root@magicbox: file linux-sh-riffhdr.bin linux-sh-riffhdr.bin: RIFF little-endian data - izik [email protected] / char shellcode = // // RIFF Header 5 bytes // "\x52" // push %edx "\x49" // dec...

7.1AI score
Exploits0
NVD
NVD
added 2006/02/10 11:2 a.m.18 views

CVE-2006-0635

Tiny C Compiler TCC 0.9.23 aka TinyCC evaluates the "isizeofint" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers...

4.6CVSS6.9AI score0.00342EPSS
Exploits0References2
0day.today
0day.today
added 2006/01/21 12:0 a.m.20 views

linux/x86 anti-debug trick (INT 3h trap) + execve /bin/sh 39 bytes

Exploit for linux/x86 platform in category shellcode ================================================================== linux/x86 anti-debug trick INT 3h trap + execve /bin/sh 39 bytes ================================================================== / linux/x86 anti-debug trick INT 3h trap +...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2006/01/21 12:0 a.m.37 views

linux/x86 anti-debug trick INT 3h trap + execve /bin/sh 39 bytes

linux/x86 anti-debug trick INT 3h trap + execve /bin/sh 39 bytes. Shellcode exploit for linx86 platform / linux/x86 anti-debug trick INT 3h trap + execve"/bin/sh", "/bin/sh", NULL, NULL - 39 bytes The idea behind a shellcode w/ an anti-debugging trick embedded in it, is if for any reason the IDS...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/01/21 12:0 a.m.30 views

linux/x86 setreuid0, 0 + execve/bin/sh 31 bytes

linux/x86 setreuid0, 0 + execve/bin/sh 31 bytes. Shellcode exploit for linx86 platform / linux/x86 setreuid0, 0 + execve"/bin/sh", "/bin/sh", NULL, NULL - 31 bytes - izik / char shellcode = "\x6a\x46" // push $0x46 "\x58" // pop %eax "\x31\xdb" // xor %ebx,%ebx "\x31\xc9" // xor %ecx,%ecx...

0.2AI score
Exploits0
0day.today
0day.today
added 2005/08/19 12:0 a.m.33 views

linux/x86 /bin/sh sysenter Opcode Array Payload 45 bytes

Exploit for linux/x86 platform in category shellcode ======================================================== linux/x86 /bin/sh sysenter Opcode Array Payload 45 bytes ======================================================== / lnxbinsh2.c - v1 - 45 Byte /bin/sh sysenter Opcode Array Payload...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.39 views

Debian DSA-278-1 : sendmail - char-to-int conversion

Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

10CVSS5.7AI score0.38188EPSS
Exploits0References2
Rows per page
Query Builder