1355 matches found
Microsoft Word Document - Malformed Pointer (PoC)
===== The file I have attached is a very basic two stage bug. stage 1 the first mod forces the code down a wrong path. the second mod by itsself is harmless, however when used with the first it will be the first and part of the second overwrite. I have use 41414141 as a marker to make it easier f...
IRIX Multiple Buffer Overflow Exploits (LsD)
No description provided by source. / copyright by / / Last Stage of Delirium, Dec 1996, Poland/ include stdio.h include stdlib.h include fcntl.h define BUFSIZE 2068 define OFFS 800 define ADDRS 3 define ALIGN 0 define ALIGN2 4 char...
IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) /usr/lib/print/netprint Local Exploit
No description provided by source. !/bin/sh copyright LAST STAGE OF DELIRIUM jul 2000 poland ://lsd-pl.net/ /usr/lib/print/netprint This code gets released due to another post to the Bugtraq mailing list. For IRIX 6.3 and above this privilage escalation attack can be conducted by local lp users...
linux/x86 socket-proxy shellcode 372 bytes
No description provided by source. /--------------------------------------------------------------------------- 372 byte socket-proxy shellcode by Russell Sanford - [email protected] --------------------------------------------------------------------------- filename: x86-linux-bounce-proxy.c date:...
linux/x86 socket-proxy shellcode 372 bytes
Exploit for linux/x86 platform in category shellcode ========================================== linux/x86 socket-proxy shellcode 372 bytes ========================================== /--------------------------------------------------------------------------- 372 byte socket-proxy shellcode by...
linux/x86 socket-proxy shellcode 372 bytes
linux/x86 socket-proxy shellcode 372 bytes. Shellcode exploit for linx86 platform /--------------------------------------------------------------------------- 372 byte socket-proxy shellcode by Russell Sanford - [email protected]...
Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
No description provided by source. !/usr/bin/python PRE AUTHENTICATION Eudora Qualcomm WorldMail 3.0 IMAPd Service 6.1.19.0 Overflow. Discovered by Tim Shelton - [email protected] Coded by [email protected] Details: SEH gets overwritten at 970 bytes in the LIST command. No space...
MailEnable Enterprise Edition 1.1 (EXAMINE) Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits =================================================================== MailEnable Enterprise Edition 1.1 EXAMINE Buffer Overflow Exploit =================================================================== !/usr/bin/python Remote Mailenable...
linux/x86 dup20,0; dup20,1; dup20,2; 15 bytes
linux/x86 dup20,0; dup20,1; dup20,2; 15 bytes. Shellcode exploit for linx86 platform / dup2loop-core.c by Charles Stevenson I made this as a chunk you can paste in to make modular remote exploits. I usually combine this with an execve as the second stage of a read jmp %esp / char hellcode = /...
FreeBSD : Cyrus IMAPd -- APPEND command uses undefined programming construct (31952117-3d17-11d9-8818-008088034841)
To support MULTIAPPENDS the cmdappend handler uses the global stage array. This array is one of the things that gets destructed when the fatal function is triggered. When the Cyrus IMAP code adds new entries to this array this is done with the help of the postfix increment operator in combination...
CVE-2004-2165
Lords of the Realm III 1.01 and earlier, when in the lobby stage, allows remote attackers to cause a denial of service crash from unallocated memory write via a long user nickname...
Subversion 0.3.7/1.0.0 - Remote Buffer Overflow
/ hoagiesubversion.c Remote exploit against Subversion-Servers. Author: greuff Tested on Subversion 1.0.0 and 0.37 Algorithm: This is a two-stage exploit. The first stage overflows a buffer on the stack and leaves us 60 bytes of machine code to be executed. We try to find the socket-fd there and...
IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) /usr/lib/print/netprint Local Exploit
Exploit for irix platform in category local exploits ======================================================================= IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 /usr/lib/print/netprint Local Exploit ======================================================================= !/bin/sh copyright LAST STAGE ...
SGI IRIX - 'LsD' Multiple Local Buffer Overflows
/ copyright by / / Last Stage of Delirium, Dec 1996, Poland/ include include include define BUFSIZE 2068 define OFFS 800 define ADDRS 3 define ALIGN 0 define ALIGN2 4 char...
The first stage of the WER protocol is not SSL encrypted in Windows
None None...