Foxit Reader 9.0.1.1049 Use-After-Free

%PDF 1 0 obj 2 0 obj /S /JavaScript /JS / --------------------------------------------------------------------------------------------------- Exploit Title : Foxit Reader RCE with DEP bypass on Heap with shellcode Date : 08/04/2018 4 Aug Exploit Author : Manoj Ahuje Tested on : Windows 7 Pro x32...

Foxit Reader 9.0.1.1049 - Remote Code Execution

Foxit Reader 9.0.1.1049 - Remote Code Execution %PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley mrme of Source Incite Date: 22/06/2018 Technical details:...

Synology Photo Station 6.8.2-3461 Remote Code Execution

!/usr/local/bin/python """ Synology Photo Station = 6.8.2-3461 latest SYNOPHOTOFlickrMultiUpload Race Condition File Write Remote Code Execution Vulnerability Found by: mrme Tested: 6.8.2-3461 latest at the time Vendor Advisory: https://www.synology.com/en-global/support/security/SynologySA1802...

Synology Photo Station 6.8.2-3461 - SYNOPHOTO_Flickr_MultiUpload Remote Code Execution Exploit

Exploit for hardware platform in category remote exploits !/usr/local/bin/python """ Synology Photo Station = 6.8.2-3461 latest SYNOPHOTOFlickrMultiUpload Race Condition File Write Remote Code Execution Vulnerability Found by: mrme Tested: 6.8.2-3461 latest at the time Vendor Advisory:...

maian weblog <= 4.0 - Remote Blind SQL Injection

No description provided by source. ?php / maian weblog = v4.0 Remote Blind SQL Injection Exploit vendor: http://www.maianscriptworld.co.uk/ Thanks to Johannes Dahse: http://bit.ly/dpQXMK Explanation: Lines 335 - 341 of the index.php we see this if statement that concerns our variable $bpost. //...

Quick Player 1.2 - Unicode Buffer Overflow Exploit

No description provided by source. !/usr/bin/python Vulnerability : Quick Player v1.2 unicode buffer overflow exploit coded by : mrme reference : http://www.exploit-db.com/exploits/10759 corelanc0d3r Tested on : XP SP3 En VirtualBox Greetz to : Corelan Security...

SureThing CD Labeler (m3u/pls) - Unicode Stack Overflow PoC Exploit

No description provided by source. / surethingcdlabelerbofpoc.c SureThing cd labeler m3u/pls - unicode stack overflow PoC exploit Found by: Ruben Alejandro - chap0 Author: Steven Seeley - mrme http://net-ninja.net/ Greetz to: Corelan Security Team...

CoreFTP 2.1 b1637 - (password field) Universal BOF Exploit

No description provided by source. !/usr/bin/python Vulnerability : CoreFTP v2.1 b1637 password field Universal BOF exploit Found by : mrme seeleymagic at hotmail dot com Coded by : mrme & corelanc0d3r Download from : http://www.coreftp.com/download.html Tested on : XP SP3 En VirtualBox Greetz to...

Simply Classified 0.2 XSS & CSRF Vulnerabilities

No description provided by source. Simply Classified 0.2 XSS & CSRF Vulnerabilities Found by: mrme Tested On: Windows Vista Note: For educational purposes only Author contact date: 16th December 2009 Advisory:...

AIMP2 Audio Converter <= 2.53b330 (.pls/.m3u) Unicode Crash PoC

No description provided by source. !/usr/bin/python AIMP2 Audio Converter = 2.53 build 330 .pls/.m3u Unicode local crash PoC Found & exploited by: mrme Download: ftp://www.catode.ru/AIMP/aimp2.51.330.zip Tested on: Wind0ws XP SP3 Unicode overflow, maybe someone with better skills can exploit this...

ScadaTEC ModbusTagServer & ScadaPhone (.zip) Buffer Overflow Exploit (0day)

No description provided by source. ?php / ScadaTEC ModbusTagServer & ScadaPhone .zip buffer overflow exploit 0day Date: 09/09/2011 Author: mrme @netninja Vendor: http://www.scadatec.com/ ScadaPhone Version: = 5.3.11.1230 ModbusTagServer Version: = 4.1.1.81 Tested on: Windows XP SP3...

Orbital Viewer 1.04 - (.orb) Local Universal SEH Overflow Exploit (0day)

No description provided by source. !/usr/bin/python Orbital Viewer v1.04 .orb 0day Local Universal SEH Overflow Exploit Date: 27 Feb 2010 CVE: CVE-2010-0688 Download: http://www.orbitals.com/orb/ov.htm Found & exploited by: mrme http://net-ninja.net Greetz to:...

PHP Speedy <= 0.5.2 Wordpress Plugin (admin_container.php) Remote Code Exec Exploit

No description provided by source. ?php / php speedy = 0.5.2 wordpress plugin admincontainer.php Remote Code Exec Exploit vendor: http://aciddrop.com/ ------------------------------- May the stars be aligned! php.ini requirements: registerglobals=On allowurlinclude=On magicquotesgpc=Off...

Measuresoft ScadaPro <= 4.0.0 - Remote Command Execution

No description provided by source. $Id: scadaprocmdexe.rb 13737 2011-09-16 08:23:59Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

freeFTPd 1.0.10 (PASS Command) - SEH Buffer Overflow Vulnerability

Exploit for windows platform in category remote exploits !/usr/bin/perl freeFTPd 1.0.10 anonymous-auth PASS SEH buffer overflow PoC by Wireghoul - www.justanotherhacker.com Date: 20130820 Tested on: XPSP3 Similar exploits: EDB 23079 1330 1339 Greetz corelan, TecR0C, mrme, jjkakakk if scalar@ARGV ...

Useresponse 1.0.2 - Privilege Escalation / Remote Code Execution

!/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.com/ vulns found by bcoles @bclose and mrme @netninja exploit by...

Family Connections CMS v2.5.0-v2.7.1 (less.php) remote command execution

Exploit for php platform in category web applications $theme = isset$argv1 ? $argv1 : 'default'; system"clear"; if fileexists"$dir/themes/$theme/style.css" echo "\n themes/$theme/style.css already exists.\n\n"; echo "Overwrite y/n ? "; $handle = fopen "php://stdin","r"; $line = fgets$handle; if...

Family Connections CMS 2.5.02.7.1 - less.php Remote Command Execution

Family Connections CMS 2.5.02.7.1 - less.php Remote Command Execution $theme = isset$argv1 ? $argv1 : 'default'; system"clear"; if fileexists"$dir/themes/$theme/style.css" echo "\n themes/$theme/style.css already exists.\n\n"; echo "Overwrite y/n ? "; $handle = fopen "php://stdin","r"; $line =...

Family Connections CMS 2.7.1 Remote Command Execution

$theme = isset$argv1 ? $argv1 : 'default'; system"clear"; if fileexists"$dir/themes/$theme/style.css" echo "\n themes/$theme/style.css already exists.\n\n"; echo "Overwrite y/n ? "; $handle = fopen "php://stdin","r"; $line = fgets$handle; if trim$line != 'y' exit; $worked = system"php -q...

BlazeVideo HDTV Player 6.6 Professional Universal DEP+ASLR Bypass

Exploit for windows platform in category local exploits Exploit Title: BlazeVideo HDTV Player 6.6 Professional Universal DEP+ASLR Bypass Author: modpr0be Software Download: http://www.blazevideo.com/download.php?product=blazevideo-hdtv-pro Date: 07/10/2011 Tested on: Windows XP SP3, Windows Vista...