7260 matches found
Linux x86 - execve("/bin/bash","-p",NULL) - 33 bytes
No description provided by source. / Title: Linux x86 - execve/bin/bash, /bin/bash, -p, NULL - 33 bytes Author: Jonathan Salwan Mail: [email protected] Web: http://www.shell-storm.org !Database of Shellcodes http://www.shell-storm.org/shellcode/ sh sets euid, egid to uid, gid if -p not...
MailMax <= 4.6 - POP3 "USER" Remote Buffer Overflow Exploit (No Login Needed)
No description provided by source. !/usr/bin/python MailMax =v4.6 POP3 USER Remote Buffer Overflow Exploit No Login Needed Newer version's not tested, maybe vulnerable too A hard one this, the shellcode MUST be lowercase. Plus there are many opcode's that break the payload and opcodes that gets...
Dream FTP 1.2 - Remote Format String Exploit
No description provided by source. include stdio.h include sys/types.h include sys/socket.h include netinet/in.h // WIN NT/2K/XP cmd.exe shellcode // kernel32.dll baseaddress calculation: OS/SP-independent // string-save: 00, 0a and 0d free. // portbinding: port 28876 // looping: reconnect after...
WinXP SP2 Fr Download and Exec Shellcode
No description provided by source. Exploit Title winxp sp2 fr download & exec :: Date 06/5/2010 Author : CrackMaN :: code: ;------------------------------------------- .586 .model flat,stdcall option casemap:none include windows.inc include user32.inc include kernel32.inc include shell32.inc...
OllyDBG 1.10 and ImpREC 1.7f - (export name) BOF PoC
No description provided by source. ;-------------------------------------------------------------------------; ; OllyDBG v1.10 and ImpREC v1.7f export name buffer overflow vulnerability ; PoC probably older versions affected too, not tested though. ; ; Included shellcode shows a messagebox WinXP...
Linux x86 execve("/usr/bin/wget", "aaaa"); - 42 bytes
No description provided by source. / Title: Linux x86 execve/usr/bin/wget, aaaa; - 42 bytes Author: Jonathan Salwan submit AT shell-storm.org Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan !Database of Shellcodes http://www.shell-storm.org/shellcode/ 08048054 .text:...
RedHat Linux 5.0/5.1/5.2,Slackware Linux <= 3.5 klogd Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/398/info It is possible to cause a denial of service remote and local through generating old, obscure kernel messages not terminated with \n in klogd. The problem exists because of a buffer overflow in the klogd handling ...
AIMP2 Audio Converter <= 2.53 build 330 Playlist (.pls) Unicode BOF
No description provided by source. !/usr/bin/python Author contact : seeleymagicathotmaildotcom For educational purposes only You have been warned My original crash breakdown: EAX 001B0020 UNICODE AAAAAAAAAAAAAAAAAAAA ECX 00000273 EDX 00000C4C EBX 00000000 ESP 0012DCA8 EBP 0012DD64 ESI 001B6610...
Real Networks GameHouse dldisplay ActiveX control 0 Port Buffer Overflow (1)
No description provided by source. source: http://www.securityfocus.com/bid/767/info At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administration feature. To access this feature, the corre...
AT-TFTP <= 1.9 (Long Filename) Remote Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl -w acaroatjervus.it http://www.securityfocus.com/bid/21320 [email protected] is credited with the discovery of this vulnerability use IO::Socket; if!$ARGV1 print Uso: atftp-19.pl victim port\n\n; exit; $victim = IO::Socket::INET-newProto='udp',...
SGI IRIX <= 6.4 permissions Buffer overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/417/info A buffer overrun exists in the permissions program, as shipped by Silicon Graphics with the 5.x and 6.x Irix operating system. By supplying a long, well crafted buffer as the 4th argument to the program, arbitrar...
UplusFtp Server 1.7.0.12 - Remote Buffer Overflow
No description provided by source. !/usr/bin/python Title: UplusFtp Server 1.7.0.12 Remote Buffer Overflow Date: 02-03-2010 Author: b0telh0 Link: http://easyftpsvr.googlecode.com/files/uplusftp-server-1.7.0.12-en.zip Tested on: Windows XP SP3 CWD, DELE, LIST, MKD, NLST and etc commands are also...
Free CD to MP3 Converter 3.1 - Buffer Overflow Exploit (SEH)
No description provided by source. Exploit Title: Free CD to MP3 Converter 3.1 Buffer Overflow Exploit SEH Date: 10/18/10 Credit/Bug found by: C4SS!0 G0M3S Software Link: http://www.eusing.com/Download/cdtomp3freeware.exe Version: 3.1 Tested on: Windows XP SP3 EN VMWARE FUSION - Version 3.1.1 CVE...
ABBS Electronic Flash Cards 2.1 .fcd Buffer Overflow Exploit
No description provided by source. Exploit Title: ABBS Electronic Flash Cards Buffer Overflow Exploit Software Link: http://abbs.qsnx.net/downloads/abbs-flashcards.zip Version: 2.1 triggering details : open the app, go to test, click on random, and start test, then chose the fcd file, and booom...
Mac OS X <= 10.4.7 fetchmail Privilege Escalation Exploit (ppc)
No description provided by source. !/usr/bin/perl getpwnedmail.pl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom This is a canibalized version of Kansas City POP Daemon Version 0.0 - Copyright c 1999 David Nicol [email protected] kevin-finisterres-mac-mini:...
Solaris/x86 - Remote Download file - 79 bytes
No description provided by source. / Title: Solaris/x86 - Remote Download file - 79 bytes Author: Jonathan Salwan submit ! shell-storm.org Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan !Database of Shellcodes http://www.shell-storm.org/shellcode/ Date: 2010-05-25...
Linux/x86 - Disable randomize stack addresse - 106 bytes
No description provided by source. / Title: Linux/x86 - Disable randomize stack addresse - 106 bytes Set randomizevaspace to zero Author: Jonathan Salwan submit ! shell-storm.org Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan !Database of Shellcodes...
Solaris/x86 - Halt shellcode - 36 bytes
No description provided by source. / Title: Solaris/x86 - Halt shellcode - 36 bytes Auhtor: Jonathan Salwan submit AT shell-storm.org Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan Date: 2010-05-20 Tested: SunOS opensolaris 5.11 snv111b i86pc i386 i86pc Solaris !Databa...
Linux/x86 pwrite("/etc/shadow", hash, 32, 8) Shellcode 83
No description provided by source. / | Title: Linux/x86 pwrite/etc/shadow, hash, 32, 8 Shellcode 83 Bytes | Description: replace root's password with hash of agix in MD5 | Type: Shellcode | Author: agix | Platform: Linux X86 / 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-...
Allwin WinExec cmd.exe + ExitProcess Shellcode - 195 bytes
No description provided by source. / Title: Allwin WinExec cmd.exe + ExitProcess Shellcode - 195 bytes Date: 2010-06-25 Author: RubberDuck Web: http://bflow.security-portal.cz Tested on: Win 2k, Win 2003, Win XP Home SP2/SP3 CZ/ENG 32, Win Vista 32/64, Win 7 32/64, Win 2k8 32 Thanks to:...