723 matches found
DATAC RealWin <= 2.0 (Build 6.1.8.10) Buffer Overflow Vulnerabilities
No description provided by source. Source: http://aluigi.org/adv/realwin1-adv.txt Luigi Auriemma Application: DATAC RealWin http://www.dataconline.com/software/realwin.php http://www.realflex.com Versions: = 2.0 Build 6.1.8.10 Platforms: Windows Bugs: A stack overflow in SCPCINITIALIZE and...
IBM Forms Viewer Unicode Buffer Overflow
This Metasploit module exploits a stack-based buffer overflow in IBM Forms Viewer. The vulnerability is due to a dangerous usage of strcpy-like function, and occurs while parsing malformed XFDL files, with a long fontname value. This Metasploit module has been tested successfully on IBM Forms...
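IBM Forms Viewer Stack Buffer Overflow Vulnerability
CVE(CAN) ID: CVE-2013-5447 IBM Forms Viewer is a client program that can open, fill in, sign, submit and save XFDL forms, and can display forms either as a standalone application or embedded in a web browser. A stack-based buffer overflow vulnerability exists in IBM Forms Viewer 4.x versions before 4.0.0.3 and 8.x versions before 8.0.1.1. A remote attacker can exploit this vulnerability to execute arbitrary code by means of a specially crafted XFDL form. 0 IBM Forms Viewer 4.0 IBM Forms Viewer 4.0.0.1 IBM Forms Viewer 4.0.0.2 IBM Forms Viewer 8.0 IBM...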
Supermicro Onboard IPMI - 'close_window.cgi' Remote Buffer Overflow (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Supermicro Onboard IPMI closewindow.cgi Buffer Overflow', 'Description' = %q This module exploits a buffer overflow on the Supermicro...
Supermicro Onboard IPMI close_window.cgi Buffer Overflow
This module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the closewindow.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system from libc with an arbitrary CMD...
ActFax 5.01 RAW Server Buffer Overflow
This module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages without any underlying protocols. To note significant fields in the fax being transferred, like the fax number or the recipient, ActFax data fields can be used. This module...
BigAnt Server 2 SCH And DUPF Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'BigAnt Server 2 SCH And DUPF Buffer...
BigAnt Server 2.97 - SCH / DUPF Buffer Overflow (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'BigAnt Server 2 SCH And DUPF Buffer...
BigAnt Server 2 SCH And DUPF Buffer Overflow
This exploits a stack buffer overflow in BigAnt Server 2.97 SP7. The vulnerability is due to the dangerous usage of strcpy while handling errors. This module uses a combination of SCH and DUPF request to trigger the vulnerability, and has been tested successfully against version 2.97 SP7 over...
HT Editor 2.0.20 Buffer Overflow (ROP PoC)
Exploit for linux platform in category dos / poc !/usr/bin/perl =head1 TITLE HT Editor 2.0.20 Buffer Overflow ROP PoC =head2 DESCRIPTION Since version 2.0.18, the stack overflow vulnerability has not been corrected, which I assume would make it 0day? I consequently recoded an exploit, as memory...
ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'ActiveFax ActFax...
Magix Musik Maker 16 .mmm Stack Buffer Overflow
$Id: magixmusikmaker16mmm.rb 12688 2011-05-22 23:41:15Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
ViRobot Desktop 5.5 / Server 3.5 Privilege Escalation
Hauri ViRobot Desktop 5.5 & ViRobot Server 3.5 VRsecos.sys =2008.8.1.1 Local Kernel Mode Privilege Escalation Vulnerability AUTHOR MJ0011 EMAIL thdecoder$126.com VULNERABLE PRODUCTS Hauri ViRobot Desktop 5.5 and below Hauri ViRobot Server 3.5 and below DETAILS: VRsecos.sys create a device called...
UFO - Alien Invasion 2.2.1 IRC Client Remote Code Execution
!/usr/bin/python UFO: Alien Invasion v2.2.1 IRC Client Remote Code Execution - MacOSX OS X Snow Leopard: d1dn0t OS X Leopard: dookie Windows PoC: Jason Geffner http://www.exploit-db.com/exploits/14013 import sys, socket, struct WRITEABLE = 0x8fe66448 STRCPY=0x8fe2db10 shellcode =...
Alien Invasion v2.2.1 IRC Client Remote Code Execution - OSX Snow Leopard (ROP)
No description provided by source. !/usr/bin/python UFO: Alien Invasion v2.2.1 IRC Client Remote Code Execution - MacOSX OS X Snow Leopard: d1dn0t OS X Leopard: dookie Windows PoC: Jason Geffner http://www.exploit-db.com/exploits/14013 import sys, socket, struct WRITEABLE = 0x8fe66448...
Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Overflow
Apple Mac OSX EvoCam Web Server Snow Leopard - ROP Remote Overflow !/usr/bin/python EvoCam Web Server OSX 3.6.6 and 3.6.7 import socket import struct SHELL = "\xdb\xd2\x29\xc9\xb1\x27\xbf\xb1\xd5\xb6\xd3\xd9\x74\x24" "\xf4\x5a\x83\xea\xfc\x31\x7a\x14\x03\x7a\xa5\x37\x43\xe2"...
Apple Mac OSX EvoCam Web Server (Snow Leopard) - ROP Remote Overflow
!/usr/bin/python EvoCam Web Server OSX 3.6.6 and 3.6.7 import socket import struct SHELL = "\xdb\xd2\x29\xc9\xb1\x27\xbf\xb1\xd5\xb6\xd3\xd9\x74\x24" "\xf4\x5a\x83\xea\xfc\x31\x7a\x14\x03\x7a\xa5\x37\x43\xe2" "\x05\x2e\xfc\x45\xd5\x11\xad\x17\x65\xf0\x80\x18\x8a\x71"...
Fedora 12 : quake3-1.36-7.svn1783.fc12 (2010-8558)
Wed May 12 2010 Xavier Lamien - 1.36-7.svn1783 - Update release to svn revision r1783. - Remove botlib-strcpy-abuse patch added upstream. - Thu Jan 21 2010 Hans de Goede 1.36-6 - Update fix autodlrc mirror URL's 557252 - Fri Dec 18 2009 Hans de Goede 1.36-5 - Modify Urban Terror launch script to...
NetBSD 5.0 and below Hack PATH Environment overflow proof of concept
Exploit for bsd platform in category dos / poc ==================================================================== NetBSD 5.0 and below Hack PATH Environment overflow proof of concept ==================================================================== !/bin/sh NetBSD 5.0 and below Hack PATH...
NetBSD 5.0 - Hack GENOCIDE Environment Overflow (PoC)
NetBSD 5.0 - Hack GENOCIDE Environment Overflow PoC !/bin/sh NetBSD 5.0 and below Hack GENOCIDE Environment overflow proof of concept Successful Exploitation gives guid 100 games Vulnerable Function is in hack.main.c. /usr/games/hack -D use the wizard mode. Only work in wizard mode. It is a basi...