399 matches found
SuSE 11.1 Security Update : sysconfig (SAT Patch Number 5618)
sysconfig hook script for NetworkManager did not properly quote shell meta characters when processing ESSIDs. Specially crafted network names could therefore have led to execution of shell code (CVE-2011-4182). In addition, the following non-security bugs were fixed : - 580018: ip addr flush $ifna...
CoDeSyS-SCADA-Server
CoDeSyS SCADA Exploit. Vulnerability occurs while parsing long HTTP requests in webserver. import string, sys import socket, httplib import telnetlib Target = sys.argv1 Port = intsys.argv2 ShellcodeType = sys.argv3 def howtousage: print "Sorry, required arguments: Host Port" sys.exit-1 def run:...
Linux x86 Blind Port 1122 Connect shell code 101 bytes
No description provided by source. Linux x86 Blind Port 1122 Connect shell code 101 bytes...
linux/x86 Blind Port 1122 Connect shell code 101 bytes
Linux x86 Blind Port 1122 Connect shell code 101 bytes...
linux/x86 Addnew Users 'root' /etc/passwd shell code 79 bytes
Linux X86 Addnew Users 'Ro0t' /etc/passwd shell code 79 bytes...
Nomachine NX Server privilege escalation
shell code execution via environment variables manipulation for suid application...
Free Float FTP Server Buffer Overflow
!/usr/bin/python Free Float FTP server Response stack Buffer Overflow Exploit Tested on: Windows Xp SP2. Author Debasish Mandal URL:http://www.facebook.com/raza.whitehat import socket,sys from struct import pack buff = "A" 251 junk = "A"5 nop = "\x90"20 eip = pack'L',0x77F5801C Shell code generat...
Nodesforum 1.059 Remote File Inclusion
Exploit Title: nodesforum 1.059 Remote File Inclusion Vulnerability Google Dork: inurl: powered by Nodesforum Date: 6/23/2011 Author: bd0rk bd0rkathackermail.com Software-Download: http://home.nodesforum.com/download?file=nodesforum1.059withbbcode1.004.zip Tested on: Ubuntu-Linux / WinVista...
Winamp 5.6.1 Install Language SEH Overflow
!/usr/bin/perl --------- Winamp special thanks to : josalijoe exploit-id.com , and All exploit-id Team --------- In Winamp 5.6.1 Install New Language with .wlz file and In File .wlz can Inclusion SEH for Installing ... my $header = "\x50\x4b\x03\x04\x14\x00\x00\x00\x00\x00\x2f\x92\x7b\x3d\xd3\x55...
Feng Office Arbitrary File Upload and Cross Site Scripting Vulnerabilities
Feng Office is prone to an arbitrary-file-upload vulnerability and multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
KingView 6.5.3 SCADA - ActiveX
KingView 6.5.3 SCADA - ActiveX Exploit Title: KingView 6.5.3 SCADA ActiveX Date: March 07 2011 Author: Carlos Mario Penagos Hollmann Software Link: http://download.kingview.com/software/kingview%20English%20Version/kingview6.53EN.rar Version: 6.53 English Tested on: Windows xp sp3 running on VMwa...
openSUSE Security Update : php5-pear-mail (openSUSE-SU-2010:0909-1)
Passing specially crafted $from and $recepient arguments to php5-pear-mail's sendmail.php allowed attackers to inject shell code (CVE-2009-4023, CVE-2009-4111).
Fedora 14 : uzbl-0-0.16.20100626gitafc0f873e.fc14 (2010-12386)
Fix a bug in the default configuration for the mouse bindings that can allow crafted links to execute arbitrary shell code. Please check your local configuration and replace '@SELECTEDURI' with '$8' in any string that is executed as shell code (usually involves 'sh 'commandshere').
Fedora 13 : uzbl-0-0.16.20100626gitafc0f873e.fc13 (2010-12260)
Fix a bug in the default configuration for the mouse bindings that can allow crafted links to execute arbitrary shell code. Please check your local configuration and replace '@SELECTEDURI' with '$8' in any string that is executed as shell code (usually involves 'sh 'commandshere').
SigPlus Pro 3.74 - ActiveX 'LCDWriteString()' Remote Buffer Overflow JIT Spray (ASLR + DEP Bypass)
SigPlus Pro v3.74 ActiveX Signature Capture LCDWriteString Remote BoF JIT Spray - aslr/dep bypass Author: mrme - @StevenSeeley Download:...
RapidLeech Scripts Remote Shell Upload
Exploit Title: RapidLeech Scripts Remote File Upload upload shell php Date: 21/07/2010 Author: H-SK33PY Software Link: http://www.rapidleech.com/ Version: all versions Google dork :intitle:"Rx08.ii36B.Rv" Platform / Tested on: linux Category: remote Code : N/A...
Image22 ActiveX v1.1.1 Buffer Overflow Exploit
Exploit for windows platform in category remote exploits. Image22 ActiveX v1.1.1 Buffer Overflow Exploit ' 988 bytes for shellcode ' bind shell port 4444 sc =...
Joomla Real Estate Component Upload Vulnerability
Exploit for php platform in category web applications. Joomla Real Estate Component Upload Vulnerability...
VariCAD 2010-2.05 EN - Local Buffer Overflow
Exploit Title: VariCAD 2010-2.05 EN Local buffer overflow : Date: 15 March 2010 Author: n00b Realname: carl cope Software Link: http://www.varicad.com/en/home/ Version: All versions are affected. Tested on: Windows xp sp3,Vista sp2,Linux Ubuntu CVE : if exists...
Subversion svn Protocol String Parsing (CVE-2004-0413)
Subversion is a revision control system that handles svn protocol requests. A specially crafted svn request could cause svnserve, the daemon that handles svn protocol requests, to allocate insufficient heap memory and overflow the heap. It is possible for a malicious attacker to run arbitrary cod...