PlayStation: sys_fsc2h_ctrl kernel stack free

The sysfsc2hctrl kernel function can lead to a kernel stack free vulnerability. The vulnerability is caused by a race condition involving multiple threads accessing a local stack buffer. This could potentially result in a privilege escalation...

HackTool.Win32.Agent.gi Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e60606d19a36789662ba97b4bb5c4ccf.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.Agent.gi Vulnerability: Local Stack Buffer Overflow SEH Description: The Hack Office...

eZip Wizard 3.0 - Local Stack Buffer Overflow PoC (SEH)

No description provided by source. /ezip wizard Local Stack Buffer Overflow SEH POC SEH chain of main thread Address SE handler 0012FC60 58585858 0012FC60 41414141 AAAA Pointer to next SEH record Old bug ,still not fixed by vendors ,this kind of file can cause problems to a lot of soft of this...

IrfanView <= 3.99 IFF File Local Stack Buffer Overflow Exploit

No description provided by source. /Irfan View 3.99 .IFF File Local Stack Buffer Overflow This sploit runs calc.exe tested on Win XP Pro sp3;If you run it on another vs of Win make sure you chance the retaddress,but it works almost all the time so.. . Credits for finding the bug and sploit go to...

Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability

Title: ====== Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability Date: ===== 2013-09-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1085 VL-ID: ===== 1085 Common Vulnerability Scoring System: ==================================== 6.1 Introduction...

BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow

BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow !/usr/bin/perl BlazeDVD Pro player 6.1 Local stack based buffer overflow Author: PuN1sh3r Email: [email protected] Date: Mon Jul 15 03:01:37 EDT 2013 Vendor link: http://www.blazevideo.com/download.htmm Software Link:...

Foxit Reader 4.1.1 - Local Stack Buffer Overflow

Exploit Title : Foxit 4.1.1 Date : 13/11/2010 Author : Sud0 Bug found by : dookie Original POC : https://www.exploit-db.com/exploits/15514/ Software Link : http://www.foxitsoftware.com/downloads/index.php Version : 4.1.1 OS : Windows Tested on : XP SP3 En VirtualBox Type of vuln : EIP / SEH Thank...

Xion Player 1.0.125 - Local Stack Buffer Overflow

!/usr/bin/python Title: Xion 1.0.125 Stack Buffer Overflow Date: August 13, 2010 Author: corelanc0d3r and dijital1 Grtz to dijital1 : I had a lot of fun working with you on this one ! : Grtz to dookie2000ca : Original Advisory: http://www.exploit-db.com/exploits/14517 hadji samir Platform: Window...

ZippHo 3.0.6 - &#039;.zip&#039; Local Stack Buffer Overflow

!/usr/bin/python ZippHo 3.0.6 .zip 0day stack buffer overflow PoC exploit Author: mrme - http://net-ninja.net/ & http://twitter.com/StevenSeeley Download: http://www.brothersoft.com/zippho-71295.html Platform: Windows XP sp3 En Greetz to: Corelan Security Team & fl0 fl0w...

QuickZip 4.60.019 (Windows XP SP3) - Local Stack Buffer Overflow

QuickZip 4.60.019 Windows XP SP3 - Local Stack Buffer Overflow Exploit Title : QuickZip 4.60.019 Stack BOF - XP SP3 OSVDB-ID : 62781 Date : March 2nd 2010 Author : corelanc0d3r Bug found by : corelanc0d3r Software Link : http://www.quickzip.org/downloads.html Version : 4.60.019 OS : Windows Teste...

Winamp 5.05 5.13 - .ini Local Stack Buffer Overflow

Winamp 5.05 5.13 - .ini Local Stack Buffer Overflow /Winamp 5.05-5.13 .ini local stack buffer overflow poc The problem is in the skin field when a long string is writen it causes the buffer overflow. All u have to do is replace this file with the initial one. -snipp-- Winamp...

M.J.M. Quick Player 1.2 - Local Stack Buffer Overflow

M.J.M. Quick Player 1.2 - Local Stack Buffer Overflow Vulnerability : M.J.M. Quick Player v1.2 Stack BOF Discovered by : mrme seeleymagicathotmaildotcom Sploit written by : corelanc0d3r corelanc0d3ratgmaildotcom Sploit released : dec 28th, 2009 Type : local and remote code execution OS : Windows...

Mediacoder 0.6.2.4275 - &#039;.lst&#039; Local Stack Buffer Overflow

!/usr/bin/perl MediaCoder 0.6.2.4275 .lst Stack Based Overflow Discovered by : SKULL-HACKER my $header = "\x5B\x70\x6C\x61\x79\x6C\x69\x73\x74\x5D\x0A\x46\x69\x6C\x65\x31\x3D"; my $junk = "\x41" x 254; my $ret = "\x93\x43\x92\x7c"; my $nop = "\x90" x 25; win32exec - EXITFUNC=seh CMD=calc.exe...

Mediacoder 0.6.2.4275 - .lst Local Stack Buffer Overflow

Mediacoder 0.6.2.4275 - .lst Local Stack Buffer Overflow !/usr/bin/perl MediaCoder 0.6.2.4275 .lst Stack Based Overflow Discovered by : SKULL-HACKER my $header = "\x5B\x70\x6C\x61\x79\x6C\x69\x73\x74\x5D\x0A\x46\x69\x6C\x65\x31\x3D"; my $junk = "\x41" x 254; my $ret = "\x93\x43\x92\x7c"; my $nop ...

Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (SEH)

Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow SEH include include include include include unsigned char rawData = 0x23, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6C, 0x44, 0x4A, 0x20, 0x50, 0x6C, 0x61, 0x79, 0x6C, 0x69, 0x73, 0x74, 0x0D, 0x0A, 0x23, 0x4D, 0x69, 0x78, 0x54, 0x79, 0x70, 0x65,...

eZip Wizard 3.0 - Local Stack Buffer Overflow (PoC) (SEH)

/ezip wizard Local Stack Buffer Overflow SEH POC SEH chain of main thread Address SE handler 0012FC60 58585858 0012FC60 41414141 AAAA Pointer to next SEH record Old bug ,still not fixed by vendors ,this kind of file can cause problems to a lot of soft of this kind. Ex: ZipGenius stack buffer...

BitTorrent 6.0.3 - &#039;.torrent&#039; Local Stack Buffer Overflow

!/usr/bin/perl BitTorrent 6.0.3 .torrent File Stack Buffer Overflow Exploit 09/21/2008 by ksOSe && oVeret use warnings; use strict; If you change thisavoid \x80-\x9f unless you really know what you are doing you must also change the length value of the decoder my $shellcode = windows/exec...

irfanviewiff-overflow.txt

/Irfan View 3.99 .IFF File Local Stack Buffer Overflow This sploit runs calc.exe tested on Win XP Pro sp3;If you run it on another vs of Win make sure you chance the retaddress,but it works almost all the time so.. . Credits for finding the bug and sploit go to fl0 fl0w. Gretez to all romanian...

Apple Mac OSX - mount_smbfs Local Stack Buffer Overflow

Apple Mac OSX - mountsmbfs Local Stack Buffer Overflow / Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179...

Apple Mac OSX - &#039;mount_smbfs&#039; Local Stack Buffer Overflow

/ Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179 http://seclists.org/fulldisclosure/2007/Dec/0445.html...