Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors (CAN-2004-0360). This exploit uses the ret-into-ld.so technique to effectively bypass the non-executable stack protection (noexec_user_stack=1 in /etc/system). The exploitation wasn't so straightforward: sending parameters to passwd(1) is somewhat tricky, standard ret-into-stack doesn't seem to work properly for some reason (damn SEGV_ACCERR), and we need to bypass a lot of memory references before reaching ret. Many thanks to Inode <inode@deadlocks.info>.
This is an exploit for VideoScript version 4.0.1.50 that allows an attacker to change the admin password.
Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable and the Help feature (CAN-2003-0834).
The vulnerability allows an attacker to inject malicious SQL queries into the Yahoo Answers website, potentially gaining unauthorized access to the database and extracting sensitive information.
Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via a modified DTHELPUSERSEARCHPATH environment variable and the Help feature (CAN-2003-0834). Possible attack vectors are: DTHELPSEARCHPATH (as used in this exploit), DTHELPUSERSEARCHPATH, LOGNAME (those two require a slightly different exploitation technique, due to different code paths).
This exploit takes advantage of a format string vulnerability in the SHOUTcast DNAS/Linux v1.9.4 software. By sending a specially crafted request, an attacker can execute arbitrary code on the target system. The exploit has been tested on Slackware 9.1 and 10.0. The shellcode used in this exploit is a bind shellcode that opens port 7000 on the target system. The exploit also provides instructions on how to calculate the address for the shellcode.
This exploit overwrites the structured exception handler with a 'pop edx pop eax ret' in kernel32.dll, which takes us to a pointer of the next SEH. Just jmp over the SEH itself and reverse code gets executed.
This is an exploit for the MS08-067 vulnerability, which is a remote stack overflow vulnerability. It allows an attacker to execute arbitrary code on a target system.
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).
This is a local game exploit for XGalaga 2.0.34 on Red Hat 9.0. The exploit allows an attacker to execute arbitrary code by exploiting a buffer overflow vulnerability.