6978 matches found
MySQL 4.x/5.0 (Windows) - User-Defined Function Command Execution
-- raptorwinudf.sql - A MySQL UDF backdoor kit for Windows -- Copyright (c) 2007 Marco Ivaldi -- -- This is a MySQL backdoor kit for Windows based on the UDFs (User Defined -- Functions) mechanism. Use it to spawn a reverse shell (netcat UDF) on port -- 80/tcp or to execute single OS commands (exec UDF)...
MySQL 4.x/5.0 User-Defined Function Command Execution Exploit (win)
Exploit for unknown platform in category remote exploits =================================================================== MySQL 4.x/5.0 User-Defined Function Command Execution Exploit (win) =================================================================== -- raptorwinudf.sql - A MySQL UDF...
FreeBSD : sircd -- remote reverse DNS buffer overflow (1374b96c-a1c2-11db-9ddc-0011098b2f36)
Secunia reports : A vulnerability in sircd can be exploited by a malicious person to compromise a vulnerable system. The vulnerability is caused by a boundary error in the code handling reverse DNS lookups, when a user connects to the service. If the FQDN Fully Qualified Domain Name returned is...
Izik : Reverse Engineering with LD_PRELOAD
July 06, 2005 | Izik Reverse Engineering with LD_PRELOAD This paper is about the LD_PRELOAD feature, and how it can be useful for reverse engineering dynamically linked executables. This technique allows you to hijack functions/inject code and manipulate the application flow. Compiling Methods...
Mercur Messaging 2005 IMAP Login Buffer Overflow
This module exploits a stack buffer overflow in Atrium Mercur IMAP 5.0 SP3. Since the room for shellcode is small, using the reverse ordinal payloads yields the best results. This module requires Metasploit: https://metasploit.com/download Current source:...
PHP Command, Double Reverse TCP Connection (via Perl)
Creates an interactive shell via perl This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Php include...
Apache Httpd < 2.0.61 : mod_proxy crash
A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...
Digipass Go3 Token Dumper (at least for 2006)
The initial reverse engineering of Vasco’s Digipass Go3 algorithm follows in C++. I think this implementation is a "rough" approximation, if we take some limitations about 2006 and the calculations made into account. Or I'm just joking… : This generator was able to predict an "otp" collision,...
Kaspersky Internet Security 6.0.0.303 IOCTL KLICK Local Exploit
Exploit for unknown platform in category local exploits =============================================================== Kaspersky Internet Security 6.0.0.303 IOCTL KLICK Local Exploit =============================================================== //////////////////////////////////// ///// AVP...
MS Windows 2000 sp1/sp2 isapi .printer Extension Overflow Exploit
No description provided by source. / iishack 2000 - eEye Digital Security - 2001 This affects all unpatched windows 2000 machines with the .printer isapi filter loaded. This is purely proof of concept. Quick rundown of the exploit: Eip overruns at position 260 i have 19 bytes of code to jump back...
Debian DSA-934-1 : pound - several vulnerabilities
Two vulnerabilities have been discovered in Pound, a reverse proxy and load balancer for HTTP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-1391 : Overly long HTTP Host: headers may trigger a buffer overflow in the addport function, which may lea...
To bypass the firewall of the reverse connection Alarm-vulnerability warning-the black bar safety net
Author: Polymorphours Email: [email protected] Homepage: http://www.whitecell.org Date: 2005-11-17 / Author: Polymorphours Date: 2005/1/10 Another will be your own code injected into the puppet of the process of the method, with the rebound Trojan can bypass the firewall Reverse...
security flaw
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address...
Free kill often with a few important tools-vulnerability warning-the black bar safety net
C32Asm V0. 4. 1 2 C32Asm is set reverse assemble, 1 6 hex tools, Hiew modify the features and integration PE Explorer 1.98 Powerful resource tool, can directly Browse and modify the software resources, including menus, dialog boxes, string tables, etc.; in addition, also equipped with W32DASM...
WS_FTP LE 5.08 (PASV response) Remote Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits ============================================================= WS_FTP LE 5.08 (PASV response) Remote Buffer Overflow Exploit ============================================================= / wsexp.c WS_FTP LE 5.08 PASV response 0day buffer overflo...
Ipswitch WS_FTP LE 5.08 - PASV Response Remote Buffer Overflow
/ wsexp.c WS_FTP LE 5.08 PASV response 0day buffer overflow exploit Coded by h07 Tested on XP SP2 Polish, 2000 SP4 Polish Example: C:\wsexp 1 192.168.0.1 4444 WS_FTP LE 5.08 PASV response 0day buffer overflow exploit Coded by h07 + Listening on 21 + Connection accepted from 192.168.0.3 + Client...
VulnCheck KEV: CVE-2004-1464
Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell RSH, Secure Shell SSH, and in some cases, Hypertext Transport Protocol HTTP access to the Cisco device...
Generic Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 0 include Msf::Payload::Single include Msf::Payload::Generic def initializeinfo =...
Texas Imperial Software WFTPD 3.23 - 'SIZE' Remote Buffer Overflow
/ wftpdexp.c WFTPD server 3.23 SIZE 0day remote buffer overflow exploit coded by h07 tested on XP SP2 polish, 2000 SP4 polish example.. C:\wftpdexp 0 0 192.168.0.2 h07 open 192.168.0.1 4444 WFTPD server 3.23 SIZE 0day remote buffer overflow exploit coded by h07 FTP response: 331 Give me your...
barracudaExec.txt
Severity: High - Full system compromise possible Date: 04 August 2006 Discovered by: Matthew Hall [email protected] Credits for original discovery to Greg Sinclair Discovered on: 03 Aug 2006 Summary: Lack of input sanitisation in the Linux based Barracuda spam firewall web interface allows executio...