7259 matches found
MS Windows 2000 sp1/sp2 isapi - .printer Extension Overflow Exploit (2)
No description provided by source. / IIS 5 remote .printer overflow. jill.c don't ask. by: dark spyrit [email protected] respect to eeye for finding this one - nice work. shouts to halvar, neofight and the beavuh bitchez. this exploit overwrites an exception frame to control eip and get to our...
Picasm 1.10/1.12 Error Generation Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13698/info Picasm is affected by a remote buffer overflow vulnerability. An attacker can exploit this issue by supplying an excessive 'error' directive. If successfully exploited, this issue can allow a remote attacker to...
SlimFTPd <= 3.16 Remote Buffer Overflow Exploit
No description provided by source. / Written by redsand [email protected] Jul 22, 2005 Vulnerable: SlimFtpd v3.15 and v3.16 original vuln found by: Usage: ./redslim 127.0.0.1 OS RET / include stdio.h include stdlib.h include string.h ifdef WIN include winsock2.h include windows.h // pragma lib...
Half-Life StatsMe 2.6.x Plug-in MakeStats Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6578/info The Half-Life StatsMe plug-in is prone to an exploitable format string vulnerability. This issue may be exploited by an attacker who can authenticate with the rcon-password of the Half-Life server to execute...
Easy~Ftp Server 1.7.0.2 - Post-Authentication BoF (PoC)
No description provided by source. !/usr/bin/python Title: EasyFtp Server v1.7.0.2 Post-Authentication BoF PoC From: The eh?-Team || The Great White Fuzz we're not sure yet Found by: loneferret Hats off to dookie2000ca Date Found: 13/02/2010 Developer contacted: 14/02/2010 Software link:...
Yahoo Player 1.0 - (.m3u) Buffer Overflow Exploit
No description provided by source. Title: Yahoo Player v1.0 .m3u Buffer Overflow Exploit direct EIP overwrite Date: 2010-03-07 Author: BombardMr. tro0oqy originally discovered it, and gave a SEH Version:1.0 Tested on: Windows XP SP2 CVE: my $file=crash.m3u; my $junkA=Ax2080; my...
phf buffer overflow exploit for Linux-x86
No description provided by source. / | phx.c -- phf buffer overflow exploit for Linux-ix86 | Copyright c 2000 by proton. All rights reserved. | | This program is free software; you can redistribute it and/or modify | it under the terms of the GNU General Public License as published by | the Free...
Novell NCP Pre-Auth Remote Root Exploit
No description provided by source. In the interest of full-disclosure, here is a remote exploit for the vulnerability found by David Klein: Demonstration Novell NCP Pre-Auth Remote Stack Buffer Overflow Connecting to host 127.0.0.1... Connected! Sending message 1 23 bytes -- 44 6d 64 54 00 00 00 ...
RedHat Linux 5.0/5.1/5.2,Slackware Linux <= 3.5 klogd Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/398/info It is possible to cause a denial of service remote and local through generating old, obscure kernel messages not terminated with \n in klogd. The problem exists because of a buffer overflow in the klogd handling ...
14 Bytes execve("a->/bin/sh") Local-only Shellcode
No description provided by source. include stdio.h include string.h / by Magnefikko 17.04.2010 [email protected] Promhyl Studies :: http://promhyl.oz.pl Subgroup: PRekambr Name: 14 bytes execvea-/bin/sh local-only shellcode Platform: Linux x86 execvea, 0, 0; $ ln -s /bin/sh a $ gcc...
linux/x86 chmod("/etc/shadow",666) & exit(0) 30 bytes
No description provided by source. / Linux/x86 - chmod/etc/shadow,666 & exit0 Info reg ------------------ %eax = 15 %ebx = /etc/shadow %ecx = 666 %eax = 1 %ebx = 0 Shellcode 30 bytes Author: Jonathan Salwan submit AT shell-storm.org Web: http://www.shell-storm.org Disassembly of section .text:...
WinXP SP2 Fr Download and Exec Shellcode
No description provided by source. Exploit Title winxp sp2 fr download & exec :: Date 06/5/2010 Author : CrackMaN :: code: ;------------------------------------------- .586 .model flat,stdcall option casemap:none include windows.inc include user32.inc include kernel32.inc include shell32.inc...
Destiny Media Player 1.61 - (.m3u File) Local Stack Overflow Exploit
No description provided by source. usage: exploit.py After creating the m3u file, start the program then File Open Playlist exploit.m3u print print Destiny Media Player 1.61 .m3u File Local Stack Overflow Exploit\n print Founder: aBo MoHaMeD print exploit & code: His0k4 print Tested on: Windows X...
linux/x86 chmod(/etc/shadow, 0666) + exit() 32 bytes
No description provided by source. / linux/x86 chmod/etc/shadow, 0666 + exit - 32 bytes - izik [email protected] / char shellcode = \x6a\x0f // push $0xf \x58 // pop %eax \x31\xc9 // xor %ecx,%ecx \x51 // push %ecx \x66\xb9\xb6\x01 // mov $0x1b6,%cx \x68\x61\x64\x6f\x77 // push $0x776f6461...
Linux x86 egghunt shellcode
No description provided by source. / Exploit Title: Linux/x86 egghunt shellcode 29 bytes NULL free Date: 23-07-2011 Author: Ali Raheem Tested on: Linux Ali-PC.home 2.6.38.8-35.fc15.x8664 1 SMP Wed Jul 6 13:58:54 UTC 2011 x8664 x8664 x8664 GNU/Linux Linux injustice 2.6.38-10-generic 46-Ubuntu SMP...
Citrix Presentation Server Client WFICA.OCX ActiveX - Heap BOF Exploit
No description provided by source. !-- Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit Vulnerability discovered by Andrew Christensen and Aaron Portnoy http://www.securityfocus.com/bid/21458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6334...
linux/x86 execve /bin/sh setreuid(12,12) 50 bytes
No description provided by source. / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12, 12; / include stdio.h char c0de = / main: / / setregid12, 12; / \x29\xc0 / subl %eax, %eax / \xb0\x47 / movb $71, %al / \x29\xdb / subl %ebx, %ebx / / Here's the GI...
Solaris 7.0 CDE dtmail/mailtool Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/832/info There are three buffer overflow vulnerabilities in the CDE mail utilities, all of which are installed sgid mail by default. The first is exploited through overrunning a buffer in the Content-Type: field, which wou...
Live For Speed 2 Version Z .Mpr - Local buffer Overflow Exploit
No description provided by source. / Live For Speed 2 Version Z .Mpr Local buffer Overflow Exploit !! X version .mpr header specifications can be found at http://www.lfs.net/?page=MPR Version :Patch Z and all previous versions. Vendor :http://www.lfs.net/ Release date: July 14th 2009 Patch for th...
Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_displayparamstmt Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2030/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or...