bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/18776.txt
Offensive Security ed0e1e4d44 DB: 2018-09-25 
1979 changes to exploits/shellcodes

Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service

Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)

Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection

Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities

Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities

Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection

Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection

Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities

Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)

Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting

Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
2018-09-25 05:01:51 +00:00

59 lines
No EOL
2.7 KiB
Text
Raw Blame History

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
=============================================================================
BeyondCHM 1.1 Buffer Overflow (price 32.56 EUR)
Url: http://www.beyondchm.com/
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org/
This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.
Tested on:
Microsoft Windows 7 Professional
6.1.7601 Service Pack 1 build 7601
Info (http://www.beyondchm.com/):
Beyond CHM is a powerful chm reader and chm editor, It enables user to
open multiple tabs at the same time. With this CHM viewer, user can edit
CHM files, including highlighting CHM text, changing font and font size,
removing contents, adding comments and so on, all the changes can be saved
persistently. Additionally, user can switch Beyond CHM between reader
mode and editor mode easily. In reader mode, users can zoom on CHM pages
and navigate among CHM pages easily. Beyond CHM is a good Microsoft HTML
Help Tool replacement, which supports nearly all Windows operation systems.
PoC released as is, I have no time at the moment for further investigations
=============================================================================
=============================================================================
Crafting a .chm file is possible to cause a stack based buffer overflow.
PoC: http://shinnai.altervista.org/exploits/chm.rar
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/18776.rar
=============================================================================
=============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)
iQIcBAEBAgAGBQJPllNzAAoJEJlK/ai8vywmNcQQALVZzxXPZOLM8ghXeFoIZk1Y
zumWMQdE4TLQcwg2WNUcGzSvTLss/xMHdBDsHlzXslTBKYwN2W8BBCD0H8MLnhuE
3Vei9nokJDAy6ZKYL8rOeIcuknHIDwf4fjsejDnH1LDdPlKooB+4tYkpGbUcff96
RD4plKA/Olp4SlNPT2U3cEK940ahf6G9W2LGunWgB6jsydudAWUzgVG+sLI+kOmK
QAEe6aHsBVzR8zPHJzggkescICcQVxHdg/ppYxRr5lzeyEYUkHS+aY4k3Mr5U2My
E0l5QMCozoeSQPujW6U3U91TqkXpjViSuoaY+1v6shxyQbSvtHd6946YUMl7qMCI
xzAeofga7JCErH1lltVbUKUnoy6fmbd5F9x2TRIVUSdtoPEFgiHBi0HCRHimx/XS
Cxs/LDRyvM0oAYfbiEqRFm/bkoBxScMVQmXq+ZxRFYfihpU/U2jCfY3yk1E4UAsy
0PL0DVUtvt2Fro09pobXkYlVbRjH4BJwu9/Y4Ko/ZMqWFLDmGGEQiDtRB60n3oNm
k2CmmsVWTmYpIJ6Rlt3azIYRGCqRGALiB9Eph7WcZnij6y4PwSsNpf6uMZH864EM
J3QTi2Xhn+zEq4XEU7IHRRrFyJQOF+0TUV+qYMR+NuBmPhWXk27n6AXQJbu+RjAm
8dBjL95Ghi8s0VQt4rjb
=3c+B
-----END PGP SIGNATURE-----
Reference in a new issue View git blame Copy permalink