Proof of concept exploit for a type confusion bug in the JIT compiler of Chrome that can be used to achieve remote code execution.
30eeadf8f371d4a17379456833c3996be91c75c93e2bc055f9e6f40682fc5995Proof of concept for a logic bug in the implementation of the garbage collector (GC) in v8 (the JavaScript interpreter of Chrome). The exploit poc.js is tested on v8 version 9.4.146.16 (commit 452f57b), which is the version shipped with Chrome 94.0.4606.61, the one before the bug was fixed, on Ubuntu 20.04.
9bcd05375f4716e560bf2a6e62f7e0eed58e6eb6f38f4070b6205036e9ca28caProof of concept remote code execution exploit that demonstrates a vulnerability in the Chrome renderer sandbox by simply visiting a malicious website.
0bef9994895034465485b3ccc1c259c22c1bde140f7e3d288d935477095db1e7Proof of concept exploit for a Chrome use-after-free vulnerability of non-garbage-collected objects, which is allocated by the PartitionAlloc memory allocator.
3c22f0abad82c2cbf4c1d29bf8cfddf026899fc8272a11d1fea6c2c2b02b6e21Proof of concept exploit for a Chrome renderer remote code execution vulnerability.
9fe14db33f51b4c5ac882ae3b87ce8ce4342d37160fda598491088767b81b67eProof of concept exploit that demonstrates a bug that can be used to escape the Chrome sandbox from a compromised renderer. Two exploits are included, one for the 64 bit version 90.0.4430.91 and the other is for the 32 bit version 88.0.4324.181. The build configs are in the corresponding sub directories.
6f9069e00ff5656306f2637f1524304a8b31f78226021e7cf37a36cd64d05030Proof of concept code that exploits three bugs that can be used to gain arbitrary kernel code execution, read and write from the untrusted app domain. Kernel code is executed in the context of the root user and the exploit also disable SELinux. The exploit is tested on Samsung Galaxy A71 with firmware version A715FXXU3BUB5, Baseband A715FXXU3BUB4 and Kernel version 4.14.190-20973144.
d7fb13a8e212690bea66fdff3ce4d52d05a239e824796af7a580b4f67ac5a57dProof of concept exploit for an information leak vulnerability in the Qualcomm Adreno GPU. The bug can be used to leak information in other user apps, as well as in the kernel from an untrusted app. The directory adreno_user contains a proof-of-concept for leaking memory from other applications. It will repeatedly trigger the bug and read the stale information contained in memory pages.
14a7bc813fbfd5b0814582d935ba39c5649faf3bc3609e054c88db47e4159c41Qualcomm kgsl driver use-after-free proof of concept exploit. The bug can be used to gain arbitrary kernel memory read and write from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Samsung Galaxy Z Flip 3 (European version SM-F711B) with firmware version F711BXXS2BUL6, Baseband F711BXXU2BUL4 and Kernel version 5.4.86-qgki-23063627-abF711BXXS2BUL6 (EUX region).
013038a08c172f14d7c3c6abb8e3556978d9037f5c5e575225e2ff3cf63e5655Qualcomm kgsel driver proof of concept use-after-free exploit. The bug can be used to gain arbitrary kernel code execution, read and write from the untrusted app domain. The exploit is tested on Samsung Galaxy A71 with firmware version A715FXXU3ATJ2, Baseband A715FXXU3ATI5 and Kernel version 4.14.117-19828683.
b38ccffb8c90b392f46848fba04831d2ef7063a8f36bb2c4835fd662f0d5379eProof of concept exploit for Android on Arm Mali GPU with a kernel driver bug that can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6 with the November 2022 and January 2023 patch.
1c81e6cc4abcfe0ecb1417d1ee980963d887a2109472ab157bbd2c2fa62921efProof of concept exploit for the Arm Mali GPU that can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6. The original exploit that was sent to Google is included as hello-jni.c as a reference and was tested on the July 2022 patch of the Pixel 6. Due to the fact that Pixel 6 cannot be downgraded from Android 13 to Android 12, an updated version of the exploit, mali_shrinker_mmap.c is included, which supports various firmware in Android 13, including the December patch, which is the latest affected version.
bc50f9e9f9fe69b36613124dc79ca07e6c6523713f3c1192a6204b4ec7783f2cProof of concept exploit for a memory corruption vulnerability in the Arm Mali GPU kernel driver that was reported in January of 2022. The bug can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6 and supports patch levels from November 2021 to February 2022. It is easy to add support for other firmware by changing a few image offsets.
66eea2398301c881c76dc1359392bb4e7585bacb1998c8e4de619ba964588857Proof of concept exploit for GHSL-2023-005. A security patch from the upstream Arm Mali driver somehow got missed out in the update for the Pixel phones and was reported to Google in January 2023. The bug can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6 for devices running the January 2023 patch.
b4dee085caf18f3a2b27ef4e7e723670fff60eb3022abf602e9819d7317518e8This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.
d4db47de622ab194cae5e05a485e3f4743601277e19a6aa2f5275bcad5350dabMan Yue Mo from the Semmle Security Research team noticed that Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution vulnerabilities.
e28e551a6d08832d9693c14547ef8d1e1b8a7bb9af46ee2af406329dc5a086c7Apache Batik versions 1.0 through 1.9.1 suffer from an information disclosure vulnerability.
d87dbb7678fbb6eb6da6bf65eb0b618a7feb53279e67f7829e550cf9653ed0dbA vulnerability allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. Apache Hadoop versions 0.23.0 to 0.23.11, 2.0.0-alpha to 2.8.2, and 3.0.0-alpha to 3.0.0-beta1 are affected.
44afdb4249889150e46420353b4fd75f8d2b9440d52d85f80b903040c511074bApache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a Java deserialization attack in the XStream library.
733707ff1693492ed26a3fc45635dfec661cbb6f0cba034160e94e43f171f6b9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed