7258 matches found
MOPB-array.txt
<?php // Proof of concept code from the Hardened-PHP Project // (C) Copyright 2007 Stefan...
caid-msgeng.txt
#!/usr/bin/python This one was listed in the SANS TOP 20 and I needed an exploit for analysis. I couldn't find a reliable exploit for my analysis and so came up with this. Remote exploit for the CA BrightStor msgeng.exe service stack overflow vulnerability as described in LS-20060330.pdf on...
Oracle 10g (PROCESS_DUP_HANDLE) Local Privilege Elevation (win32)
include windows. h include stdio. h BOOL InjectShellcodeDWORD oldEIP,CHAR oSID HMODULE hKernel; FARPROC pCreateProc; LPSTR sCommand="cmd.exe"; DWORD dwStrLen; CHAR buff1 0 0; dwStrLen=strlensCommand; hKernel=LoadLibrary"Kernel32.dll"; pCreateProc=GetProcAddresshKernel,"CreateProcessA"; strcpybuff...
CA BrightStor ARCserve (msgeng.exe) Remote Stack Overflow Exploit
No description provided by source. #!/usr/bin/python This one was listed in the SANS TOP 20 and I needed an exploit for analysis. I couldn't find a reliable exploit for my analysis and so came up with this. Remote exploit for the CA BrightStor msgeng.exe service stack overflow vulnerability as...
MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability
Summary: The session_regenerate_id() function that is used to generate a new session identifier fails to clear an already freed pointer to the former session identifier before calling the session identifier generator. When this generator triggers an error, this can result in a double free that is easil...
PHP <= 4.4.6 / 5.2.1 array_user_key_compare() ZVAL dtor Local Exploit
No description provided by source. <?php ...
CA BrightStor ARCserve - msgeng.exe Remote Stack Overflow
CA BrightStor ARCserve - msgeng.exe Remote Stack Overflow. #!/usr/bin/python This one was listed in the SANS TOP 20 and I needed an exploit for analysis. I couldn't find a reliable exploit for my analysis and so came up with this. Remote exploit for the CA BrightStor msgeng.exe service stack overflo...
CA BrightStor ARCserve (msgeng.exe) Remote Stack Overflow Exploit
Exploit for unknown platform in category remote exploits. CA BrightStor ARCserve msgeng.exe Remote Stack Overflow Exploit. #!/usr/bin/python This one was listed in the...
PHP <= 4.4.6 / 5.2.1 array_user_key_compare() ZVAL dtor Local Exploit
Exploit for linux platform in category local exploits. PHP <= 4.4.6 / 5.2.1 array_user_key_compare() ZVAL dtor Local Exploit. <?php...
CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow
#!/usr/bin/python This one was listed in the SANS TOP 20 and I needed an exploit for analysis. I couldn't find a reliable exploit for my analysis and so came up with this. Remote exploit for the CA BrightStor msgeng.exe service stack overflow vulnerability as described in LS-20060330.pdf on...
PHP 4.4.6/5.2.1 - array_user_key_compare() ZVAL dtor Local Overflow
PHP 4.4.6/5.2.1 - array_user_key_compare() ZVAL dtor Local Overflow. <?php // Proof of concept code...
OpenBSD ICMPv6 Fragment Remote Execution Exploit PoC
No description provided by source. The PoC executes the shellcode (int 3) and returns. It overwrites the ext_free() function pointer on the mbuf and forces a m_freem() on the overflowed packet. The Impacket library is used to craft and send packets (http://oss.coresecurity.com/projects/impacket.html or...
WarFTP 1.65 (USER) Remote Buffer Overflow SEH Overflow Exploit
Exploit for unknown platform in category remote exploits. WarFTP 1.65 USER Remote Buffer Overflow SEH Overflow Exploit...
WarFTP 1.65 (Windows 2000 SP4) - USER Remote Buffer Overflow (Perl)
WarFTP 1.65 Windows 2000 SP4 - USER Remote Buffer Overflow Perl. WarFTP 1.65 USER Remote Buffer Overflow SEH overflow Exploit By Umesh Wanve...
WarFTP 1.65 (USER) Remote Buffer Overflow Exploit (win2k SP4)
No description provided by source. #!/usr/bin/python Remote exploit for WarFTP 1.65. Tested on Windows 2000 server SP4 inside VMware. A trivially exploitable stack overflow is present in WarFTP which can be triggered by sending a long username 480 bytes along with the USER...
WarFTP 1.65 (USER) Remote Buffer Overflow Exploit (win2k SP4)
Exploit for unknown platform in category remote exploits. WarFTP 1.65 USER Remote Buffer Overflow Exploit win2k SP4. #!/usr/bin/python Remote exploit for WarFTP 1.65. Tested on...
WarFTP 1.65 (Windows 2000 SP4) - USER Remote Buffer Overflow (Python)
WarFTP 1.65 Windows 2000 SP4 - USER Remote Buffer Overflow Python. #!/usr/bin/python Remote exploit for WarFTP 1.65. Tested on Windows 2000 server SP4 inside VMware. A trivially exploitable stack overflow is present in WarFTP which can be triggered by sending a long username 480 bytes along with th...
PHP 5.2.0/5.2.1 Rejected Session ID Double Free Exploit
Exploit for linux platform in category local exploits. PHP 5.2.0/5.2.1 Rejected Session ID Double Free Exploit. <?php ...
PHP 5.2.0 (OSX) - EXTFilter Space Trimming Buffer Underflow
PHP 5.2.0 OSX - EXTFilter Space Trimming Buffer Underflow. <?php // Proof of concept code from...
Oracle 10g (Windows x86) - 'PROCESS_DUP_HANDLE' Local Privilege Escalation
// Argeniss - Information Security // // Oracle Database local elevation of privileges PoC exploit // // Author: Cesar Cerrudo include include BOOL InjectShellcodeDWORD oldEIP,CHAR oSID HMODULE hKernel; FARPROC pCreateProc; LPSTR sCommand="cmd.exe"; DWORD dwStrLen; CHAR buff100;...