47 matches found
Persits XUpload ActiveX MakeHttpRequest Directory Traversal
No description provided by source. $Id: persitsxuploadtraversal.rb 10998 2010-11-11 22:43:22Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
PHP <= 4.4.6 ibase_connect() Local Buffer Overflow Exploit
No description provided by source. ?php // PHP = 4.4.6 ibaseconnect & ibasepconnect local buffer overflow // poc exploit // windows 2000 sp3 en / seh overwrite // by rgod // site: http://retrogod.altervista.org if !extensionloadedinterbase dieonly works with interbase extension ; $scode= \xeb\x1b...
Exponent CMS <= 0.96.3 (view) Remote Command Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' .:---------------------------------------------------------------------------:. Exponent CMS 0.96.3 stable possibly other versions "view" arbitrary local inclusion / remote commands xctn exploit by rgod...
South River Technologies WebDrive Service Bad Security Descriptor Local Privilege Escalation
No description provided by source. South River Technologies WebDrive Service Bad Security Descriptor Local Privilege Escalation. This module exploits a privilege escalation vulnerability in South River Technologies WebDrive. Due to an empty security descriptor, a local attacker can gain elevated...
PHPizabi 0.848b - C1 HFP1 Remote Privilege Escalation Vulnerability
No description provided by source. -------------------------------------------------------------------------------- PHPizabi v0.848b C1 HFP1 proc.inc.php remote privilege escalation php.ini independent by Nine:Situations:Group::bookoo...
Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution
Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution tested against: Microsoft Windows Server 2008 R2 sp1 download url: http://www.symantec.com/it/it/products-solutions/trialware/ file tested: SymantecWorkspaceStreaming7.5.0.493.zip vulnerability: the...
Symantec Workspace Streaming 7.5.0.493 Remote Code Execution
Symantec Workspace Streaming version 7.5.0.493 suffers from a SWS streamlet engine invoker servlets remote code execution vulnerability. Proof of concept code included. Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution tested against: Microsoft...
Adobe Photoshop CS5.1 U3D.8BI Collada Asset Elements Stack Overflow
Exploit for windows platform in category local exploits ?php // Adobe Photoshop CS5.1 U3D.8bi Library Collada Asset Elements // Unicode Conversion Stack Based Buffer Overflow poc .dae // 32bit/SEH // // unicode overflow occurs when overlong asset elements are processed // one could be able to...
Quest Toad For Oracle Explain Plan Display File Creation / Overwrite
try obj.SaveToFile"c:\windows\win.ini"; catche try obj.SaveToFile"../../../../../../../../../../windows/win.ini"; catche original url: http://retrogod.altervista.org/9sgquesttoadpoc.htm...
HP Photo Creative 2.x Active-X Control Buffer Overflow
//add user one, user "sun" pass "tzu" shellcode = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" + "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" + "%u4142%u4230%u5841%u3850%u4241%u6d75%u6b39%u494c" +...
South River Technologies WebDrive Service Bad Security Descriptor Local Privilege Escalation
South River Technologies WebDrive Service Bad Security Descriptor Local Privilege Escalation. This module exploits a privilege escalation vulnerability in South River Technologies WebDrive. Due to an empty security descriptor, a local attacker can gain elevated privileges. Tested on South River...
Persits XUpload ActiveX MakeHttpRequest Directory Traversal
$Id: persitsxuploadtraversal.rb 7760 2009-12-08 21:24:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
EasyMail Objects EMSMTP.DLL 6.0.1 ActiveX Control Remote Buffer Overflow Vulnerability
No description provided by source. !-- Postcast Server Pro 3.0.61 / Quiksoft EasyMail SMTP Object emsmtp.dll 6.0.1 remote buffer overflow exploit ie6 / xp sp2 version passing more than 539 chars to SubmitToExpress method: EAX 00000400 ECX 0013DD24 ASCII "Error Creating File: AAAA ... EDX C0403FFF...
EasyMail Objects EMSMTP.DLL 6.0.1 ActiveX Control Remote BOF
Exploit for unknown platform in category remote exploits ====================================================================================== EasyMail Objects EMSMTP.DLL 6.0.1 ActiveX Control Remote Buffer Overflow Vulnerability...
google apps googleapps.url.mailto:// uri handler cross-browser remote command execution exploit (IE)
google apps googleapps.url.mailto:// uri handler cross-browser remote command execution exploit Internet Explorer by nine:situations:group::pyrokinesis site: http://retrogod.altervista.org/ software site: http://pack.google.com/intl/it/packinstaller.html tested against: Internet Explorer 8, windo...
EPSON Status Monitor 3 Privilege Escalation
------- EPSON Status Monitor 3 local privilege escalation vulnerability -------- by Nine:Situations:Group::bruiser site: http://retrogod.altervista.org/ -------------------------------------------------------------------------------- After that pyrokinesis found:...
ICQ 6.5 URL Search Hook (Windows Explorer) Remote BOF PoC
No description provided by source. ?php / ICQ 6.5 URL Search Hook/ICQToolBar.dll .URL file processing Windows Explorer remote buffer overflow poc by Nine:Situations:Group::pyrokinesis site: http://retrogod.altervista.org/ If the resulting file is placed on the desktop, against ex. xp sp3 process...
ICQ 6.5 - URL Search Hook (Windows Explorer) Remote Buffer Overflow (PoC)
g f44.104: Access violation - code c0000005 !!! second chance !!! eax=02100068 ebx=772a23c1 ecx=0210cefa edx=00000823 esi=00610061 edi=00000000 eip=772a533f esp=0210cec0 ebp=0210cec4 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000...
ICQ 6.5 - URL Search Hook (Windows Explorer) Remote Buffer Overflow (PoC)
ICQ 6.5 - URL Search Hook Windows Explorer Remote Buffer Overflow PoC g f44.104: Access violation - code c0000005 !!! second chance !!! eax=02100068 ebx=772a23c1 ecx=0210cefa edx=00000823 esi=00610061 edi=00000000 eip=772a533f esp=0210cec0 ebp=0210cec4 iopl=0 nv up ei pl nz na po nc cs=001b ss=00...
Dokuwiki 2009-02-14 - Temporary/Remote File Inclusion
Dokuwiki 2009-02-14 - Temporary/Remote File Inclusion Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit tested and working I was reading: http://www.milw0rm.com/exploits/8781 by girex quote It's not a RFI couse use of fileexists function. /quote How wrong brother! trick 1 ftp:// wrapper...