April 3, 2008 11:04 | by
来源:baicker
milw0rm上的,生成器.lcx给的,稍微改了改代码,据说好用,未测试,最近忙到自杀的时间都没有.唉,可惜有马时候没洞,有洞时候没马,要不就找个站挂上了。
milw0rm上的,生成器.lcx给的,稍微改了改代码,据说好用,未测试,最近忙到自杀的时间都没有.唉,可惜有马时候没洞,有洞时候没马,要不就找个站挂上了。
Real Player rmoc3260.dll ActiveX Control Remote Code Execution Exploit(Heap Corruption)
written by e.b.
Tested on Windows XP SP2(fully patched) English, IE6, rmoc3260.dll version 6.0.10.45
Thanks to h.d.m. and the Metasploit crew
written by e.b.
Tested on Windows XP SP2(fully patched) English, IE6, rmoc3260.dll version 6.0.10.45
Thanks to h.d.m. and the Metasploit crew
/* Dreatica-FXP crew
*
* ----------------------------------------
* Target : mod_jk2 v2.0.2 for Apache 2.0 Win32
* Found by : IOActive Security Advisory
*
* ----------------------------------------
* Target : mod_jk2 v2.0.2 for Apache 2.0 Win32
* Found by : IOActive Security Advisory
March 31, 2008 01:21 | by
Runs calc.exe on Office XP SP3 with updates < 03/11/08.
Just for fun...
http://milw0rm.com/sploits/2008-ms08-016.tgz
Just for fun...
http://milw0rm.com/sploits/2008-ms08-016.tgz
March 27, 2008 10:31 | by
作者:rover
帮朋友检测网站的安全性,用的是SMSJ Version 8.0,号称仿阿里巴巴的东西,注册企业会员后,登录管理,发现上传图片会归类到一个http://www.rover.com/UserDocument/你注册的会员帐号/picture/的目录里不由让人浮想联翩,想起早期动易的那个注册漏洞
说起这个漏洞,完全是iis6引起的,在iis6的站点上,建立一个xx.asp的文件夹,然后在里面放一个改成gif后缀的asp木马,照样会按asp来执行
帮朋友检测网站的安全性,用的是SMSJ Version 8.0,号称仿阿里巴巴的东西,注册企业会员后,登录管理,发现上传图片会归类到一个http://www.rover.com/UserDocument/你注册的会员帐号/picture/的目录里不由让人浮想联翩,想起早期动易的那个注册漏洞
说起这个漏洞,完全是iis6引起的,在iis6的站点上,建立一个xx.asp的文件夹,然后在里面放一个改成gif后缀的asp木马,照样会按asp来执行
Microsoft Office Excel Code Execution Exploit (MS08-014)
http://www.milw0rm.com/sploits/2008-zha0_ms08_014.rar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
http://www.milw0rm.com/sploits/2008-zha0_ms08_014.rar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
来源:xn_ice的blog
CreateLive CMS Version 4.0 0day.doc
by:xiaok q:391232032.771044833 time: 2008-2-4 02:10 xpsp2 ie7 iis5.1 ……
致敬D.S.T的各位同志,致Hell-Phantom,致on thin ice,致老D,致Doom,致群里那帮有文化的流氓……
CreateLive CMS Version 4.0 0day.doc
by:xiaok q:391232032.771044833 time: 2008-2-4 02:10 xpsp2 ie7 iis5.1 ……
致敬D.S.T的各位同志,致Hell-Phantom,致on thin ice,致老D,致Doom,致群里那帮有文化的流氓……
来源:CB
截获到几封带有恶意Excel文档附件的邮件。该恶意Excel文档利用的是Microsoft未修补的Excel漏洞,所以危害极高。超级巡警团队建议用户不要随便打开不明来历的电子邮件,尤其是邮件附件。
截获到几封带有恶意Excel文档附件的邮件。该恶意Excel文档利用的是Microsoft未修补的Excel漏洞,所以危害极高。超级巡警团队建议用户不要随便打开不明来历的电子邮件,尤其是邮件附件。
* $Id: raptor_peek.c,v 1.1 2007/10/18 08:09:02 raptor Exp $
*
* raptor_peek.c - Solaris fifofs I_PEEK kernel memory leak
* Copyright (c) 2007 Marco Ivaldi
*
* raptor_peek.c - Solaris fifofs I_PEEK kernel memory leak
* Copyright (c) 2007 Marco Ivaldi
KingSoft UpdateOcx2.dll SetUninstallName() Heap Overflow Exploit
Date: 2008-02-29
MSN: void[at]ph4nt0m[dot]org
http://www.ph4nt0m.org
Date: 2008-02-29
MSN: void[at]ph4nt0m[dot]org
http://www.ph4nt0m.org
来源:鬼仔'Blog
影响版本:2007SP5 SP6
漏洞文件:/formguide/include/tag.func.php
Author:backerhack 小蟑螂
信息来源:零客网安 www.0kee.com
影响版本:2007SP5 SP6
漏洞文件:/formguide/include/tag.func.php
Author:backerhack 小蟑螂
信息来源:零客网安 www.0kee.com
