[EXPL] BlackJumboDog Remote Buffer Overflow Exploit Code
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
MS Windows XP Task Scheduler (.job) Universal Exploit (MS04-022)
Exploit for unknown platform in category local exploits ================================================================ MS Windows XP Task Scheduler .job Universal Exploit MS04-022 ================================================================ / HOD-ms04022-task-expl.c: MS04-022 Microsoft...
LBEhelpdesk.txt
LBE Web HelpDesk SQL Injection Summary Leigh Business Enterprises's Web HelpDesk is "operated entirely through your web browser and is designed to be used by both your support staff and your customers". We found the product to contain at least one exploitable SQL Injection vulnerability that woul...
Fedora Core 2 : kernel-2.6.6-1.427 (2004-137)
An updated kernel is available that brings the kernel to the 2.6.7-rc3 base level. This new kernel provides a significant number of bug fixes and improvements for USB, the keyboard/mouse subsystem and the VM. This kernel also fixes the high profile bugs about not working on VIA C3 processors 1206...
Flash FTP Server - Directory Traversal
TestCode: C:\ftp localhost Connected to server. 220 Flash FTP Server v2.1 ready... User server:none: CoolICE 331 Password required for CoolICE. Password: 230 User CoolICE logged in. ftp get /winnt/system.ini 200 Port command successful. 150 Opening data connection for /winnt/system.ini. 226 File...
Drcat 0.5.0-beta (drcatd) Remote Root Exploit
Exploit for linux platform in category remote exploits ============================================= Drcat 0.5.0-beta drcatd Remote Root Exploit ============================================= / Proof of Concept DRCATD Remote exploit by Taif Test: email protected drcat ./drcat -d 127.0.0.1 -u taif ...
MySQL 4.15.0 - Zero-Length Password Authentication Bypass
MySQL 4.15.0 - Zero-Length Password Authentication Bypass #!/usr/bin/perl The script connects to MySQL and attempts to log in using a zero-length password Based on the vuln found by NGSSecurity The following Perl script can be used to test your version of MySQL. It will display the login packet se...
RHEL 3 : pwlib (RHSA-2004:047)
Updated PWLib packages that contain fixes for security issues found during protocol testing by the NISCC are now available. PWLib is a cross-platform class library designed to support the OpenH323 project. OpenH323 provides an implementation of the ITU H.323 teleconferencing protocol, used by...
allegrodos.txt
The description made it easy to create this one. Needed this to confirm if some 2.10-branded products were in fact patched and warranted replacing. Considering there were four years of warning and there are still tons of boxes with this problem, please, people, get your systems pen-tested...
RoseAttackv1.txt
/-------------------------------------------------------------/ / Implementation of Rose Attack described by Gandalf . Reference: Bugtraq, 30 March 2004, "IPv4 fragmentation, The Rose Attack" Written by Laurent Constantin Library netwib must be installed:...
WinZip - MIME Parsing Overflow
/ Author: snooq Date: 14 April 2004 This is a PoC exploit for WinZip32 MIME Parsing Overflow bug reported by iDefense on 27 February 2004. The original advisory is found here: http://www.idefense.com/application/poi/display?id=76 This version is SP dependent becoz my idiotic shellcode uses...
Microsoft IIS - SSL Remote Denial of Service (MS04-011)
/ Microsoft SSL Remote Denial of Service MS04-011 Tested successfully against IIS 5.0 with SSL. David Barroso Berrueta dbarroso s21sec com Alfredo Andres Omella aandres s21sec com S21sec - www s21sec com / include include include include include include include include include include include...
[Full-Disclosure] Microsoft Help and Support Center argument injection vulnerability
OVERVIEW ======== "Help and Support Center HSC is a feature in Windows that provides help on a variety of topics" from www.microsoft.com. It can be accessed via HCP: URLs. HSC is installed by default on Windows XP and Windows Server 2003 systems. An argument injection vulnerability in HSC allows ...
Unreal engine updates and Battle Mages advisory
I have an update about the methods used to test the format string vulnerability in the Unreal engine I reported yesterday. I have solved a problem in the windows version of my proof-of-concept unrfs-poc now version 0.1.1: http://aluigi.altervista.org/poc/unrfs-poc.zip The following instead is a...
gwebTraversal.txt
Donato Ferrante Application: GWeb HTTP Server http://freshmeat.net/projects/gweb/ Version: 0.6 Bug: directory traversal bug Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1. Description 2...
Proxy-Pro Professional GateKeeper 4.7 Web Proxy - Buffer Overrun
// source: https://www.securityfocus.com/bid/9716/info Proxy-Pro Professional GateKeeper is prone to a remotely exploitable buffer overrun that may be triggered by passing HTTP GET requests of excessive length through the web proxy component. This could be exploited to execute arbitrary code in t...
Linux Kernel 2.2.25/2.4.24/2.6.2 - 'mremap()' Validator
/ Proof-of-concept exploit code for domremap 2 EDB Note: This is NOT to be confused with CVE-2003-0985 // https://www.exploit-db.com/exploits/141/, which would be "domremap 1". EDB Note: This will just "test" the vulnerability. An exploit version can be found here...
[Full-Disclosure] Serv-U 4.1 Memory Corruption / Whatever
Well, I didn't have the time to fully analyze it yet, but by using a fuzzer to check Serv-U, I found something that crashed it using bad data in SITE CHMOD. This is not the already discovered vulnerability, cause it can be used without write access, the crash occurs before permissions are even...
[RHSA-2004:048-01] Updated PWLib packages fix protocol security issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated PWLib packages fix protocol security issues Advisory ID: RHSA-2004:048-01 Issue date: 2004-02-13 Updated on: 2004-02-13 Product: Red Ha...