buffer-overflow

Buffer Overflow Overview This repository contains educatio...

EUVD-2010-1479

Malware in sbrugna...

NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit

/ Exploit Title: NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit Date: Jun 2007 Exploit Author: mu-b Vendor Homepage: https://www.microfocus.com/en-us/cyberres/identity-access-management Version: All Tested on: Windows / Solaris x86/SPARC CVE : 0day endpoint-pown-uni.c...

Solaris 789 (SPARC) - dtprintinfo Local Privilege Escalation (2)

Solaris 789 SPARC - dtprintinfo Local Privilege Escalation 2 / raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this...

Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)

/ raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on...

Vivotek IP Cameras - Remote Stack Overflow (PoC)

Vivotek IP Cameras - Remote Stack Overflow PoC STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials...

Solaris 8/9 passwd(1) - circ() Stack-Based Buffer Overflow Privilege Escalation Exploit

Exploit for linux platform in category local exploits / $Id: raptorpasswd.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorpasswd.c - passwd circ local, Solaris/SPARC 8/9 Copyright c 2004 Marco Ivaldi Unknown vulnerability in passwd1 in Solaris 8.0 and 9.0 allows local users to gain privileges via...

CVE-2010-1451

The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain PAGEEXEC4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent...

Return-into-libc attack and Defense-bug warning-the black bar safety net

This article first analyzes the return-into-libc attack principle, were introduced in different platforms for the traditional return-into-libc attack of the experimental process and results. Then, this paper further introduces and explains the return-oriented programming attacks, this attack can...

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (x86)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/NonExecutableLovin.txt This code currently jum...

Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)

No description provided by source. / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright c 2004 Marco Ivaldi [email protected] Buffer overflow in login in various System V based operating systems allows remote attackers to...

SuSE 11.1 Security Update : openssl (SAT Patch Number 6245)

This update of openssl fixes an integer conversation issue which could cause a heap-based memory corruption. CVE-2012-2110 Additionally, a check for negative buffer length values was added CVE-2012-2131 and the stack made non-executable by marking the enhanced Intel SSSE3 assembler code as not...

Muse Music All-in-One 1.5.0.001 - .pls Local Buffer Overflow (DEP Bypass)

Muse Music All-in-One 1.5.0.001 - .pls Local Buffer Overflow DEP Bypass !/usr/bin/perl +Exploit Title: Muse Music All-In-One PLS File Buffer Overflow ExploitDEP Bypass +Date: 25\09\2011DD\MM\YYYY +Author: C4SS!0 G0M3S +Software Link:...

NetSupport Manager Agent Remote Buffer Overflow

This module exploits a buffer overflow in NetSupport Manager Agent. It uses a similar ROP to the proftpdiac exploit in order to avoid non executable stack. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

NetSupport Manager Agent - Remote Buffer Overflow (Metasploit) (2)

$Id: netsupportmanageragent.rb 11868 2011-03-03 01:04:47Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVE-2010-1451

The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain PAGEEXEC4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent...

Solaris 2.5.1/2.6/7/8 rlogin /bin/login Buffer Overflow Exploit (SPARC)

No description provided by source. / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright c 2004 Marco Ivaldi [email protected] Buffer overflow in login in various System V based operating systems ...

Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Exploit

No description provided by source. / Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179...

applesmb-overflow.txt

/ Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179 http://seclists.org/fulldisclosure/2007/Dec/0445.html...

Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Exploit

Exploit for macOS platform in category local exploits ============================================================== Apple Mac OS X mountsmbfs Stack Based Buffer Overflow Exploit ============================================================== / Copyright C 2007-2008 Subreption LLC. All rights...