exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files from Shaun Colley

Email addressshaun at rsc.cx
First Active2004-02-04
Last Active2014-09-25
bashedCgi Remote Command Execution
Posted Sep 25, 2014
Authored by Shaun Colley, Stephane Chazelas | Site metasploit.com

bashedCgi is a quick and dirty Metasploit module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command.

tags | exploit, arbitrary, shell, cgi, bash
advisories | CVE-2014-6271
SHA-256 | 917183304ff31e505f18d434fcc284d5fe270c928e0cc5e96231c14eabb1aae3
FreeBSD Kernel SCTP Denial Of Service
Posted Aug 3, 2012
Authored by Shaun Colley

The SCTP implementation used by FreeBSD ("reference implementation") is vulnerable to a remote NULL pointer dereference in kernel due to a logic bug. When parsing ASCONF chunks, an attempt is made to find an association by address. if the address found is INADDR_ANY, sctp_findassoc_by_vtag() is called and an attempt is made to find an association by vtag. Before searching for the vtag in a hash table, a pointer is set to NULL, with the intention of redefining it after finding the association. However, if the specified vtag is not found, the function returns and the ptr is never reinitialized, causing a kernel panic when the NULL pointer is later dereferenced by the SCTP_INP_DECR_REF macro when flow returns to sctp_process_control(). This is a proof of concept denial of service exploit.

tags | exploit, remote, denial of service, kernel, proof of concept
systems | freebsd
SHA-256 | 318b17b766a7c0e5fc891db3c6cd991c6323ae2a559c0d010ec2ec369599711b
FreeBSD UIPC Socket Heap Overflow
Posted Sep 30, 2011
Authored by Shaun Colley

FreeBSD UIPC socket heap overflow proof of concept exploit that causes a kernel panic. Tested on FreeBSD 8.2-RELEASE.

tags | exploit, overflow, kernel, proof of concept
systems | freebsd
SHA-256 | 392d5e1fab7ef40059a4391fcc8e1c05b6f410d6413606f432dc4a27dfea91ba
Jumping The Guard Page For Fun And Profit
Posted Sep 5, 2011
Authored by Shaun Colley

These are slides from a presentation called Jumping the Guard Page for Fun and Profit - Recursive Stack Overflows.

tags | paper, overflow
SHA-256 | 9c88c0b355adee8fb85374ea39f5d41224a4788bf9a35349adff4d4b8448912c
FreeBSD 7.2-RELEASE SCP Kernel Denial Of Service
Posted Aug 6, 2009
Authored by Shaun Colley

FreeBSD 7.2-RELEASE SCTP local kernel denial of service exploit that causes a panic.

tags | exploit, denial of service, kernel, local
systems | freebsd
SHA-256 | 134f70fd1df5a8305a23db386308b72df604b197660b97ea45f9feb63b2e2578
FreeBSD PECOFF Local Denial Of Service
Posted Jul 20, 2009
Authored by Shaun Colley

FreeBSD 7.2 PECOFF executable loader local denial of service exploit.

tags | exploit, denial of service, local
systems | freebsd
SHA-256 | 6f5a0d5595aec23366df2e82623382d86a0e722426a0bc0df53b9ed926f3c18b
FreeBSD 6/8 ATA Denial Of Service
Posted Jul 13, 2009
Authored by Shaun Colley

Local denial of service kernel panic exploit for FreeBSD versions 6 and 8 that takes advantage of the ata device.

tags | exploit, denial of service, kernel, local
systems | freebsd
SHA-256 | 0d0bc3bb1d78ccd24a5e499aaa69c2a6845c58b7800175a57622b9e9bffb949a
openvms-overflow.txt
Posted Aug 8, 2008
Authored by Shaun Colley

The finger service in OpenVMS suffers from a stack overflow vulnerability.

tags | advisory, overflow
SHA-256 | 393fdae2c7316eed51cd6c4e905ba9e53bae60629db8e31e5537a5320f7ba91b
urbanGame.txt
Posted Sep 7, 2005
Authored by Shaun Colley

Urban 1.5.3_1, part of the FreeBSD ports collection, is vulnerable to a stack overflow when handling the $HOME environmental variable. Since urban is installed with setgid games privileges, privilege escalation is possible. Earlier versions may also be susceptible. Proof of concept exploit included.

tags | exploit, overflow, proof of concept
systems | freebsd
SHA-256 | b4fa91cfa2c177e64461bac4e36029a755502d986f5de31f6bfe695b11b11cb7
picasm.txt
Posted Aug 14, 2005
Authored by Shaun Colley

picasm versions 1.12b and below suffer from a stack overflow. Exploit included.

tags | exploit, overflow
SHA-256 | 4e2bb0c1435036569704215e743f9a5af4217a7e08548fa30a74bdd2bb04b027
texutil.txt
Posted Apr 4, 2004
Authored by Shaun Colley | Site nettwerked.co.uk

A symbolic link condition exists in all versions of texutil. An attacker can overwrite arbitrary files.

tags | advisory, arbitrary
SHA-256 | 586cc0a27418caea44ad3c243bbf5295f48839a64e4f7c4106f429462e13e953
extcompose.txt
Posted Mar 13, 2004
Authored by Shaun Colley | Site nettwerked.co.uk

Extcompose, a function of the metamail package, fails to properly verify a file exists prior to writing to it, and will accept symbolic links, leaving it open to being an attack vector.

tags | advisory
SHA-256 | ecb0d56a71d017b5a7e9ee58f1fd7f55abb82c34705174f94c74945fd4205bde
motorolaT720.txt
Posted Mar 2, 2004
Authored by Shaun Colley | Site nettwerked.co.uk

Motorola T720 Cellular phones have a vulnerability that cause a denial of service when the phone receives an abnormal amount of IP traffic. Upon receiving the traffic, the phone powers-off when the user attempts to access the network.

tags | exploit, denial of service
SHA-256 | 3c3012ee943ab155015cb94a94a705b5b7f6384e9067ab8966ff66d07ec2c944
PalmOShttpd.txt
Posted Feb 9, 2004
Authored by Shaun Colley

A bug exists in the PalmOS httpd that causes a crash with a "Fatal Error". Full exploit included.

tags | exploit
systems | palmos
SHA-256 | 5b285308b063e2d59eb136e0072c9ab4a49538d664eb748f4491f7dabcadc37a
rxgoogle.txt
Posted Feb 4, 2004
Authored by Shaun Colley

A cross site scripting vulnerability exists in the rxgoogle.cgi utility. Patch included.

tags | advisory, cgi, xss
SHA-256 | 022463e79ee629b878bc318a032bd03483c447129593257ae5eb4f3b28807b11
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close