15 matches found
MPlayer Lite r33064 Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MPlayer Lite M3U Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability in MPlayer Lite r33064,...
Exploit for CVE-2022-26809
Cve-2022-26809 CVE-2022-26809 This repo just simply resear...
Calling Local Windows RPC Servers from .NET
Posted by James Forshaw, Project Zero As much as I enjoy finding security vulnerabilities in Windows, in many ways I prefer the challenge of writing the tools to make it easier for me and others to do the hunting. This blog post gives an overview of using some recent tooling I’ve released as part...
MP3-Nator-Buffer-Overflow
Exploit Title: Exploit Buffer Overflow MP3-Nator SEH - DEP BYPASS Date: 18-11-2010 Author: Muhamad Fadzil Ramli Credit/Bug Found By: C4SS!0 G0M3S Software Link: http://files.brothersoft.com/mp3audio/players/mp3nator.zip filename = 'crash.plf' ./msfpayload windows/exec CMD=calc EXITFUNC=seh R |...
MS14-047: Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
The remote Windows host is affected by a security feature bypass vulnerability in Microsoft Remote Procedure Call LRPC. The vulnerability is due to RPC improperly freeing malformed messages, allowing an attacker to fill up the address space of a process. Successful exploitation of the issue allow...
MP3-Nator - Local Buffer Overflow (SEH) (DEP Bypass)
Exploit Title: Exploit Buffer Overflow MP3-Nator SEH - DEP BYPASS Date: 18-11-2010 Author: Muhamad Fadzil Ramli - mind1355atgmaildotcom Credit/Bug Found By: C4SS!0 G0M3S Software Link: http://www.brothersoft.com/d.php?softid=16524&url=http://files.brothersoft.com/mp3audio/players/mp3nator.zip...
MS10-084: Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)
The LRPC implementation on the remote host has a vulnerability in the way the local LRPC server handles specially crafted LPC messages. A locally, authenticated user could exploit this flaw to elevate his privileges to the NetworkService account. C Tenable Network Security, Inc...
CVE-2007-2228
rpcrt4.dll aka the RPC runtime library in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service RPCSS service stop and system restart via an...
Design/Logic Flaw
rpcrt4.dll aka the RPC runtime library in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service RPCSS service stop and system restart via an...
CVE-2007-2228
The CVE-2007-2228 entry describes a denial-of-service flaw in the RPC runtime library rpcrt4.dll on Windows platforms (XP SP2, XP x64, Server 2003 SP1/SP2, Server 2003 x64, Vista and Vista x64). The vulnerability occurs when parsing RPC authentication messages with NTLMSSP and PACKET level, where...
CVE-2007-2228
rpcrt4.dll aka the RPC runtime library in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service RPCSS service stop and system restart via an...
CA BrightStor ARCserve Backup - Message EngineTape Engine Remote Buffer Overflow
CA BrightStor ARCserve Backup - Message EngineTape Engine Remote Buffer Overflow source: https://www.securityfocus.com/bid/22005/info Computer Associates BrightStor ARCserve Backup is affected by a remote buffer-overflow vulnerability because the application fails to perform proper bounds-checkin...
[NT] Microsoft Windows XP RPC Cache Memory Leak Vulnerabiliry
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Microsoft Exchange Server - Remote Code Execution (MS05-021)
Microsoft Exchange Server - Remote Code Execution MS05-021 !/bin/perl MS05-021 Exchange X-LINK2STATE Heap Overflow Author: Evgeny Pinchuk For educational purposes only. Tested on: Windows 2000 Server SP4 EN Microsoft Exchange 2000 SP3 Thanks and greets: Halvar Flake thx for the right directions...
Microsoft Exchange Server - Remote Code Execution (MS05-021)
!/bin/perl MS05-021 Exchange X-LINK2STATE Heap Overflow Author: Evgeny Pinchuk For educational purposes only. Tested on: Windows 2000 Server SP4 EN Microsoft Exchange 2000 SP3 Thanks and greets: Halvar Flake thx for the right directions Alex Behar, Yuri Gushin, Ishay Sommer, Ziv Gadot and Dave...