26 bytes small Win32 shellcode that launches cmd.exe. Written for XP SP2 Turkish.
907368c1775ddf7385d0c2734f57d7c482048ce7978fcd5bc65ef6d9c7ab5f0f26 bytes small Win32 shellcode that launches cmd.exe. Written for XP SP3 English.
397875b7dca92fc5ed4e9e0422258d87916ded2d39a840b62844fbfcfe65f5a7Microsoft Internet Explorer versions 7 and 8 suffer from an url validation vulnerability.
5691209f6297d7c41dfedc1fd1bc337896dda52d19cb5fb673984e723b44156aCisco Security Advisory - Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated access to any file on the device and one vulnerability that allows remote, unauthenticated users to execute arbitrary code with elevated privileges. There are workarounds available to mitigate these vulnerabilities.
f55041eba86b197e802f1e3fb48e213d4b2d5aaf87e4bb30235478c5e4e0f139Magic_Block1_2 suffers from a remote file disclosure vulnerability.
24612914e0c86a6feb2ca4d0a71edc207c32deab6232020ee1c533a0a987703bDeveloped as part of G-SEC's investigation for the "Secure SSL/TLS configuration Report 2010", they developed this little tool called SSL Audit. SSL Audit scans web servers for SSL support, unlike other tools it is not limited to ciphers supported by SSL engines such as OpenSSL or NSS and can detect all known cipher suites. It also has a fingerprinting mode.
28724527671579a60227726d8f0274db7ecfcf5fa272303bdca45d92ef5cb702Whitepaper called The (In)Security Of Omegle - What Omegle Users Should Know.
e80131176281cee3105d378e20511889276f7a62b84d727248ed8d1b98a6bf37ULoki Community Forum version 2.1 suffers from a cross site scripting vulnerability.
a2190948885934c0c63581a1eb71dd1ce98a50ac4b3dd1ed99902c05081c997dHP Security Bulletin - Potential security vulnerabilities have been identified with the Java Runtime Environment (JRE) and Java Developer Kit (JDK) delivered with HP OpenView Network Node Manager (OV NNM). These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS) .
d609c2737ba3ee1e6d4dc412f6776d14c47fbc01f340bfebad40833c6310c6faServerchk.py is a python script written to scan web applications for SQL injection vulnerabilities.
d0ddb6281fd5a4886511316dd456027446ae9f16291895b5c960f2844b37c776Ubuntu Security Notice 898-1 - It was discovered that gnome-screensaver did not correctly handle monitor hotplugging. An attacker with physical access could cause gnome-screensaver to crash and gain access to the locked session.
ab9efb0c857c5d767a9f9fa4206aaf3b5e719739cb6d5792bfe3d17825fce697HASHE! suffers from multiple remote SQL injection vulnerabilities.
f1aa99a84e638330cd790af752f8bb2905762e2eca9d56c8da13c526d34c33e1HP Security Bulletin - A potential security vulnerability has been identified with HP Network Node Manager (NNM). The vulnerability could be exploited remotely to execute arbitrary commands.
2ff695113e010d874733ddd8a0a1bd5e9e0469ca39922dd749407a99da1b6d38eSmile suffers from a remote SQL injection vulnerability.
3d3deb0e4f3512d9deed7609fa028c1675df6945080fcbc8562832700a21a0ffA vulnerability exists in the Microsoft SMB client which allows an attacker to trigger a kernel pool memory corruption by sending a specific 'Negotiate Protocol' response.
dd4096a3adf7c94d29852abe073cbc999aa234b0784a145cc1d0c9ce5a2c7733PLS PLA WMDownloader proof of concept local buffer overflow exploit that creates a malicious .pls file.
3e61f7070ee3b03509cd8237fdb7e8db6e1bfcf8c051ab0e276e348f4fb82a24Ubuntu Security Notice 897-1 - It was discovered that MySQL could be made to overwrite existing table files in the data directory. It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. It was discovered that MySQL could be made to overwrite existing table files in the data directory. It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. It was discovered that MySQL contained a buffer overflow when parsing ssl certificates.
f0edf6f7535b1520aeb975de468f02533ed513b5b5870eefc4dccd6cc1160507Whitepaper called Right To Left Override Unicode Can Be Used In Multiple Spoofing Cases. Written in French.
f1b0137bda26ef70c47fb6d33261363a586b255af0a7217e22295d19a8bd8fcffeedDemon version 3.1.0.9 .opml file local buffer overflow exploit.
bdb43462e833a38c658cf6f4ea913c59a3fd9b5d0c379adb4507e5a5ea47926bThis is a proof of concept exploit for GNOME's Nautilus file manager version 2.26.2.
bd470c247479213d341811294a08a0b0b6b129cd7ca2222f28c9ddd87f5bedf6This Metasploit module exploits an out-of-bounds array access in the Arcane Software Vermillion FTP server. By sending an specially crafted FTP PORT command, an attacker can corrupt stack memory and execute arbitrary code. This particular issue is caused by processing data bound by attacker controlled input while writing into a 4 byte stack buffer. Unfortunately, the writing that occurs is not a simple byte copy. Processing is done using a source ptr (p) and a destination pointer (q). The vulnerable function walks the input string and continues while the source byte is non-null. If a comma is encountered, the function increments the the destination pointer. If an ascii digit [0-9] is encountered, the following occurs: *q = (*q * 10) + (*p - '0'); All other input characters are ignored in this loop. As a consequence, an attacker must craft input such that modifications to the current values on the stack result in usable values. In this exploit, the low two bytes of the return address are adjusted to point at the location of a 'call edi' instruction within the binary. This was chosen since 'edi' points at the source buffer when the function returns. NOTE: This server can be installed as a service using "vftpd.exe install". If so, the service does not restart automatically, giving an attacker only one attempt.
6c3e569f4a96d6f26bcfe8754e396fc55a9c9d42d38c9300f94855b2dbd501fbThis Metasploit module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script using a WebDAV PUT request.
4ec5b093ab1cb3f7824fc0789935b123c05d0f352410b2d130c1546774dfb524This Metasploit module exploits a buffer overflow vulnerability in opcode 21 handled by rpc.cmsd on AIX. By making a request with a long string passed to the first argument of the "rtable_create" RPC, a stack based buffer overflow occurs. This leads to arbitrary code execution.
aff1d1ff1b53822a5be662ef7f7cb50a2f60bbc8bab207ec0fc7df83f3270216SpiderLabs has documented view state tampering vulnerabilities in three products from separate vendors. Microsoft ASP.Net version 3.5, Apache MyFaces versions 1.2.8 and 1.2.7, and Sun Microsystems Mojarra versions 1.2_14 and 2.0.2 are all vulnerable.
274d820d5053b91c5b4019151e6accd446cb31435dfa6ae866e1d89dceee5e44AdultBannerExchange suffers from an insecure cookie handling vulnerability.
f142410fb170312ad51fa6d4e8e15f8d68406e6dbfa80252e56b9626b1bb942a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed