Microsoft Windows GDI+ (Graphics Device Interface Plus) Library Denial of Service
No description provided by source. !/bin/perl 0-day crash poc gdiplus.dll by Mr.Niega Check out hex offset 2e play with the 2byte's, set it to 20 if you want a non crashing ico file Division by zero this POC tested with: win XP ENG sp2 And for SYS 49152 im that 0daysec guy ; Rename Poc.ico to...
NetGear wireless driver fails to properly process specially-crafted 802.11 management frames
Overview A buffer overflow vulnerability exists in the Netgear WG311ND5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The WG311ND5.SYS driver is a wireless 802.11g device driv...
CVE-2006-6059
The CVE-2006-6059 issue affects Netgear MA521 PCMCIA adapter’s MA521nd5.SYS driver (version 5.148.724.2003). A buffer overflow in the driver can be triggered by 802.11 management frames (beacon or probe responses with long supported rates element), allowing remote attackers to execute arbitrary c...
CVE-2006-6059
Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with a long supported rates information element. NOTE: this issue was reported as a "memory corruption" error, b...
TORQUE: Insecure temporary file creation
Background TORQUE is a resource manager providing control over batch jobs and distributed compute nodes. Description TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems wi...
CVE-2006-5882
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field...
CVE-2006-5882
CVE-2006-5882 describes a stack-based overflow in the Broadcom BCMWL5.SYS wireless device driver (version 3.50.21.10), used by Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products. The vulnerability allows remote attackers within an adjacent network to execute ar...
Broadcom wireless driver fails to properly process 802.11 probe response frames
Overview A buffer overflow vulnerability exists in the Broadcom BCMWL5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The BCMWL5.SYS driver is a wireless 802.11 device driver...
Solaris 9 (sparc) : 113801-12
Sun Cluster 3.1: Core/Sys Admin Patch. Date this patch was last updated by Sun : May/20/04 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Solaris Runtime Linker (ld.so.1) Buffer Overflow Exploit (SPARC version)
No description provided by source. / ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard overflow and return into li...
[Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation
Symantec Antivirus Engine is prone to a local privilege escalation vulnerability. Two Device Drivers are affected: NAVEX15.sys, NAVENG.sys. NAVEX15.sys LOW CONSTANT VALUE PAGE:0004B611 sub edx, 222AD3h PAGE:0004B617 push esi PAGE:0004B618 jz short loc4B63C loc4B63C: mov edx, ecx+3Ch PAGE:0004B63F...
Apple Mac OSX 10.4.7 - Mach Exception Handling Privilege Escalation
/ excploit.c - 28 Nov 2005 - [email protected] Exploitable Mach Exception Handling Affected: Mac OS X 10.4.6 darwin 8.6.0 and older When a process executes a setuid executable, all existing rights to the task port are invalidated, to make sure unauthorized processes do not retain control o...
Solaris 9 (sparc) : 121316-02
SunOS 5.9: kernel/sys/doorfs Patch. Date this patch was last updated by Sun : Aug/10/06 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Oracle DBMS Login Access Control Bypass Vulnerability
BUGTRAQ ID: 16287 CVE(CAN) ID: CVE-2006-0256 Oracle Database is a large commercial database system. The implementation of the Oracle Database login process contains a vulnerability; a remote attacker may be able to perform SQL injection against the server during the login process. ...
gdiplus.pl.txt
!/bin/perl 0-day crash poc gdiplus.dll by Mr.Niega Check out hex offset 2e play with the 2byte's, set it to 20 if you want a non crashing ico file Division by zero this POC tested with: win XP ENG sp2 And for SYS 49152 im that 0daysec guy ; Rename Poc.ico to Poc.png and have it as display picture...
Gdiplus.dll division by 0
!/bin/perl 0-day crash poc gdiplus.dll by Mr.Niega Check out hex offset 2e play with the 2byte's, set it to 20 if you want a non crashing ico file Division by zero this POC tested with: win XP ENG sp2 And for SYS 49152 im that 0daysec guy ; Rename Poc.ico to Poc.png and have it as display picture...
mspp-poc1.txt
/----------------------------------------------------------------------------------------- MS Power Point Unspecified vulnerability POC nice SYS 49152 what about rar ? sorry no more comments : figure it yourself some greetz goes to waqas : Tested against Power Point ' 03 -- naveed...
msword-hlink-ohday.txt
Hi people, the same problem concerning hlink.dll already exploited in Excel is present even in Microsoft Word, but Word 2003 seems, luckily, not vulnerable. This one is the public 0-day I made for Microsoft Word. The author is "SYS 49152". Obviously it's a local sploit .. best regards. SYS 49152...
Microsoft Word 2000/2003 - Hlink Local Buffer Overflow
!/bin/perl Microsoft Word hlink 0-day by SYS 49152 this POC works only with: win 2ksp4 ENG + word 2000/XP all versions. win XP ENG sp1/sp2 + word XP 2002 SP3. Word 2003 is not vulnerable. bindshell on port 49152 hey kids.. I hope you know how ...