PT-2026-35987

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler SEH chain exploitation. Attackers can craft a malicious URL file that, when imported through the File Import Import...

CVE-2019-25661 Remote Process Explorer 1.0.0.16 Local Buffer Overflow DoS

Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by connecting to th...

CVE-2019-25661

Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by connecting to th...

CVE-2018-25255

10-Strike LANState 8.8 has a local buffer overflow in structured exception handling. An attacker can craft a malicious LSM map file with a payload in the ObjCaption parameter to overflow a buffer, overwrite the SEH chain, and execute shellcode when the file is opened in LANState. This vulnerabili...

CVE-2018-25213

Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers can craft a payload with SEH chain overwrite and inject shellcode through the DNS Query...

CVE-2019-25569

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler SEH chain corruption. Attackers can craft a malicious input string with 268 bytes of...

CVE-2019-25569 RealTerm Serial Terminal 2.0.0.70 SEH Overflow Crash

RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler SEH chain corruption. Attackers can craft a malicious input string with 268 bytes of...

CVE-2020-36997

BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler SEH chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining...

QuickZip V4. 60 buffer overflow vulnerability details-vulnerability warning-the black bar safety net

This article will provide the reader a detailed description QuickZip v4. 60 buffer overflow vulnerability knowledge. Due to the vulnerabilities in 2010 appeared, so it's designed only for 32-bit Windows XP. So, I decided to try it in 64-bit Windows 7 reproduce the vulnerability, it would be a fun...

DameWare mini remote control Vulnerability CVE-2 0 1 6-2 3 4 5: let you play with remote controller-vulnerability warning-the black bar safety net

! In doing a security assessment, we often encounter some allow an administrator on the network remote management system software. Although very convenient, but a variety of package leads to the remote access system, there are some security risks. In this article, we will detail the way in a plac...

PictBear Buffer Overflow Vulnerability

PictBear is image processing software for general users, known as the simple version of PHOTOSHOP. A buffer overflow vulnerability exists in the impBmp.ppi module of the software, which allows an attacker to exploit the vulnerability to construct a malformed BMP image that can lead to flooding of...

Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption

No description provided by source. $Id: msvidctlmpeg2.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

TEC-IT TBarCode OCX ActiveX Control (TBarCode4.ocx 4.1.0) - Crash PoC

No description provided by source. Exploit Title: TEC-IT TBarCode OCX ActiveX Control TBarCode4.ocx 4.1.0 dos poc Date: 29.7.2013 Exploit Author: d3b4g Vendor Homepage:http://www.tec-it.com/en/start/Default.aspx Software Link: http://www.tec-it.com/en/start/Default.aspx Tested on: Windows XP SP3...

Immunity Debugger Stack Overflow Vulnerability – PoC

Title : Immunity Debugger – Crash POC Name: Immunity Debugger v1.85 SEH Chain Stack Overflow Discoverer: Veysel HATAŞ email protected Vendor: Immunity Inc Systems Affected: Windows Risk: Low Status: Not Fixed Discovered: 05 January 2014 Reported: 06 January 2014 Published: 20 March 2014...

Exploit writing tutorial part 3b - SEH Based Exploits - just another example

Автор: Peter Van Eeckhoutte corelanc0d3r Перевод: peaZ 8/2011 В предыдущей части руководства я объяснил основы создания SEH-эксплойтов. Я упомянул, что в самом простом случае полезная нагрузка SEH-эксплойта имеет такую структуру: junknextSEHSEHShellcode Я указал, что SEH должен быть перезаписан...

WinZip 15.0 - WZFLDVW.OCX Text Property Denial of Service

Exploit Title: Winzip WZFLDVW.OCX text property access violation Author: fady mohamed osman Software Link : http://www.winzip.com/downwz.htm Version: 15.0 Build 9334 Tested on: Win XP Sp2 CVE : N/A Website : http://www.darkmasters.co.cc/ Twitter : http://twitter.com/FadyOsman 'Wscript.echo...

LEADTOOLS 11.5.0.9 Access Violation

===================================== Test Exploit Page targetFile = "C:\Program Files\Rational\common\ltdlg11n.ocx" prototype = "Function GetColorRes ByVal hWnd As Long As Integer" memberName = "GetColorRes" progid = "LEADDlgLib.LEADDlg" argCount = 1 arg1=-1 target.GetColorRes arg1 Exception Cod...

eDisplay Personal FTP server 1.0.0 Multiple Post-Authentication Crash

Exploit for windows platform in category dos / poc =========================================================================== eDisplay Personal FTP server 1.0.0 Multiple Post-Authentication Crash PoC =========================================================================== Title: eDisplay...

EasyFTP Server 1.7.0.2 - (Authenticated) Buffer Overflow (SEH) (PoC)

!/usr/bin/python Title: EasyFtp Server v1.7.0.2 Post-Authentication BoF SEH PoC From: The eh?-Team || The Great White Fuzz we're not sure yet Found by: loneferret Hat's off to dookie2000ca Date Found: 13/02/2010 Developer contacted: 14/02/2010 Software link:...

edraw-activex.txt

-------------------------------------------------------------------------------------------------------------- 0-day EDraw Office Viewer Component 5.2 officeviewer.ocx v. 5.2.218.1 "HttpDownloadFileToTempDir" Remote Buffer Overflow url: http://www.ocxt.com/officeviewer.php author: shinnai mail:...