5408 matches found
[Full-disclosure] IBM Domino Web Access Upload Module inotes6w.dll SEH Overwrite Exploit
This one is the same offset as dwa7w and the same class id as inotes6. Basically inotes6 and inotes6w share the same class id, except that inotes6w is unicode. dwa7w is unicode and has a different class id. Code is inline, I would attach it except for the fact that I set off way to many av scanne...
Code injection
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on 1 temporary files used by the cligentempfd function in libclamav/others.c or on 2 .ascii files used by sigtool, when utf16-decode is enabled...
inotes6-overwrite.txt
My first attempt at an SEH overwrite exploit. Anyhow, I first posted about this issue regarding version 7 of this control, Will Dormann of the CERT/CC discovered versions 6 and 6.5 are vulnerable too, see http://www.kb.cert.org/vuls/id/963889. Dwa7w.dll and inotes6w.dll are unicode, thats my next...
dwa7w-overwrite.txt
This one is unicode based, so is inotes6w. Exploitation for inotes6w is probably the same just with a different offset. Code is inline and attached. --------------------- IBM Domino Web Access Upload Module dwa7w.dll SEH Overwrite Exploit function Check var buf = unescape"%u4141"; while buf.lengt...
CVE-2007-6533
Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message...
Buffer overflow
Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message...
CVE-2007-6533
Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message...
Unicode buffer-overflow in Zoom Player 6.00b2
Luigi Auriemma Application: Zoom Player http://www.inmatrix.com Versions: = v6.00 beta 2 and naturally all the stable v5 versions Platforms: Windows Bug: unicode buffer-overflow Exploitation: local Date: 24 Dec 2007 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introductio...
: pcre before 7.3 incorrect unicode in char class optimization
Heap-based buffer overflow in Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized...
CVE-2007-6403
Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assisted remote attackers to execute arbitrary code via crafted unicode in a .mp4 file, with crafted tags, contained in a certain .rar archive, a related issue to CVE-2007-2498. NOTE: for exploitation, the victim must select a certai...
Stack overflow
Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assisted remote attackers to execute arbitrary code via crafted unicode in a .mp4 file, with crafted tags, contained in a certain .rar archive, a related issue to CVE-2007-2498. NOTE: for exploitation, the victim must select a certai...
CVE-2007-6403
CVE-2007-6403 involves a stack-based buffer overflow in Nullsoft Winamp 5.32 related to its handling of crafted Unicode in MP4 files, with the issue exploitable when the target opens a crafted MP4 contained in a .rar archive. The vulnerability enables user-assisted remote code execution on the af...
CVE-2007-6403
Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assisted remote attackers to execute arbitrary code via crafted unicode in a .mp4 file, with crafted tags, contained in a certain .rar archive, a related issue to CVE-2007-2498. NOTE: for exploitation, the victim must select a certai...
Nullsoft Winamp 5.32 MP4 tags Stack Overflow Exploit
No description provided by source. !/bin/perl Nullsoft Winamp MP4 tags Stack Overflow 0-day discovered and exploited by SYS 49152 Tested on win XP SP2 ENG Tuned for Nullsoft Winamp 5.32 d.i. Shell on port 49152 usage: well, not much fun for you kids here ...
Nullsoft Winamp MP4 tags Stack Overflow
!/bin/perl Nullsoft Winamp MP4 tags Stack Overflow 0-day discovered and exploited by SYS 49152 Tested on win XP SP2 ENG Tuned for Nullsoft Winamp 5.32 d.i. Shell on port 49152 usage: well, not much fun for you kids here .. to get the shell you have to use ALT+3 and press UPDATE. Instead this one ...
nullsoft-overflow.txt
!/bin/perl Nullsoft Winamp MP4 tags Stack Overflow 0-day discovered and exploited by SYS 49152 Tested on win XP SP2 ENG Tuned for Nullsoft Winamp 5.32 d.i. Shell on port 49152 usage: well, not much fun for you kids here .. to get the shell you have to use ALT+3 and press UPDATE. Instead this one ...
NullSoft Winamp 5.32 - .MP4 Tags Stack Overflow
NullSoft Winamp 5.32 - .MP4 Tags Stack Overflow !/bin/perl Nullsoft Winamp MP4 tags Stack Overflow 0-day discovered and exploited by SYS 49152 Tested on win XP SP2 ENG Tuned for Nullsoft Winamp 5.32 d.i. Shell on port 49152 usage: well, not much fun for you kids here .. to get the shell you have ...
Nullsoft Winamp 5.32 MP4 tags Stack Overflow Exploit
Exploit for unknown platform in category local exploits ==================================================== Nullsoft Winamp 5.32 MP4 tags Stack Overflow Exploit ==================================================== !/bin/perl Nullsoft Winamp MP4 tags Stack Overflow 0-day discovered and exploited ...
Microsoft Excel Unicode Local Overflow Exploit PoC
No description provided by source. excelsexywarez.pl excel unicode overflow poc by kcope in 2006 thanks to revoguard and alex use Spreadsheet::WriteExcel; my $workbook = Spreadsheet::WriteExcel-new"FUCK.xls"; $worksheet = $workbook-addworksheet; $format = $workbook-addformat;...
How to hack PCAnyWhere password-vulnerability warning-the black bar safety net
Since NT machines generally use PCAnyWhere for remote administration,Win2K machines generally use a terminal for remote management,so if we can get the PCAnyWhere remote connection account and password,then you can remote connection to the host. The key is to get to the PCAnyWhere password file...