Mel0nPlayer 1.0.11.x Denial of Service POC
Mel0n Player is a famous software in Indonesia to play songs that are provided by the Melon portal (http://www.melon.co.id). This software can play any music file types such as mp3, wav, wma, mp4, and others. This player can also play the files on your local computer or by online streaming to the portal Melon. The songs can also be downloaded to your local computer.
The main program (IDMelonPlayer.exe) suffers from a buffer overflow vulnerability when opening p_about.ini file (Note: Actually, p_about.ini is a configuration file as part of skin template. This file will bring the program information and can be accessed on the menu (Menu → Information)), as a result of adding extra bytes to parts of the file (Text section), giving the attackers possibility to run an arbitrary code execution on the system that install Melon Player.
This is just the POC, it will just crash the program.. (more…)
FTPGetter v18.104.22.168 Buffer Overflow (PASV) Exploit
A vulnerability has been discovered in FTPGetter, which can be exploited by malicious people to compromise a user’s system.
The issue is likely due to insufficient bounds checking and presents itself when the affected FTP client makes a connection to a malicious server that is running PASV mode. The PASV command is issued to tell the server that the client wishes to transfer files in passive mode. FTP servers that support passive mode will respond to such a request with an IP address and port number.
Successful exploitation allows execution of arbitrary code, but requires that the user is tricked into connecting to a malicious FTP server. (more…)
0day Linux Escalation Privilege Exploit Collection
Take a look at here 201011-0day-linux-exploit.tar.bz2 (md5sum: 266e5981888fd2ab061248c692e04742)
*Update: I rename the file and make the script more comfort.
Please note that I am not responsible for the misuse of this tool. I just collect them into one script. For all users who download this tool should have their own responsibility on it.