
Files from Shaun Colley

Email address: shaun at rsc.cx
First Active: 2004-02-04
Last Active: 2014-09-25
bashedCgi Remote Command Execution
Posted Sep 25, 2014
Authored by Shaun Colley, Stephane Chazelas | Site metasploit.com

bashedCgi is a quick and dirty Metasploit module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command.

tags | exploit, arbitrary, shell, cgi, bash
advisories | CVE-2014-6271
MD5 | 44848a3424a134914b0d1e857adb7c0b
FreeBSD Kernel SCTP Denial Of Service
Posted Aug 3, 2012
Authored by Shaun Colley

The SCTP implementation used by FreeBSD ("reference implementation") is vulnerable to a remote NULL pointer dereference in the kernel due to a logic bug. When parsing ASCONF chunks, an attempt is made to find an association by address. If the address found is INADDR_ANY, sctp_findassoc_by_vtag() is called and an attempt is made to find an association by vtag. Before searching for the vtag in a hash table, a pointer is set to NULL, with the intention of redefining it after finding the association. However, if the specified vtag is not found, the function returns and the pointer is never reinitialized, causing a kernel panic when the NULL pointer is later dereferenced by the SCTP_INP_DECR_REF macro when flow returns to sctp_process_control(). This is a proof of concept denial of service exploit.

tags | exploit, remote, denial of service, kernel, proof of concept
systems | freebsd
MD5 | 05cc888759970d3a27b3dd8dfef71014
FreeBSD UIPC Socket Heap Overflow
Posted Sep 30, 2011
Authored by Shaun Colley

FreeBSD UIPC socket heap overflow proof of concept exploit that causes a kernel panic. Tested on FreeBSD 8.2-RELEASE.

tags | exploit, overflow, kernel, proof of concept
systems | freebsd
MD5 | 1b84cb92aacf8ffe51fd86111e69b1c1
Jumping The Guard Page For Fun And Profit
Posted Sep 5, 2011
Authored by Shaun Colley

These are slides from a presentation called Jumping the Guard Page for Fun and Profit - Recursive Stack Overflows.

tags | paper, overflow
MD5 | 42132da3599eb576aea9c6165ee460b1
FreeBSD 7.2-RELEASE SCP Kernel Denial Of Service
Posted Aug 6, 2009
Authored by Shaun Colley

FreeBSD 7.2-RELEASE SCTP local kernel denial of service exploit that causes a panic.

tags | exploit, denial of service, kernel, local
systems | freebsd
MD5 | d523ee0a513ba05092abd0e5bef97c54
FreeBSD PECOFF Local Denial Of Service
Posted Jul 20, 2009
Authored by Shaun Colley

FreeBSD 7.2 PECOFF executable loader local denial of service exploit.

tags | exploit, denial of service, local
systems | freebsd
MD5 | 479461c13f0466e594f875cb6395775a
FreeBSD 6/8 ATA Denial Of Service
Posted Jul 13, 2009
Authored by Shaun Colley

Local denial of service kernel panic exploit for FreeBSD versions 6 and 8 that takes advantage of the ata device.

tags | exploit, denial of service, kernel, local
systems | freebsd
MD5 | c6e6b900f7e592f97dbba9bd92310611
openvms-overflow.txt
Posted Aug 8, 2008
Authored by Shaun Colley

The finger service in OpenVMS suffers from a stack overflow vulnerability.

tags | advisory, overflow
MD5 | ea3174c21c059474285315cc75f94710
urbanGame.txt
Posted Sep 7, 2005
Authored by Shaun Colley

Urban 1.5.3_1, part of the FreeBSD ports collection, is vulnerable to a stack overflow when handling the $HOME environment variable. Since urban is installed with setgid games privileges, privilege escalation is possible. Earlier versions may also be susceptible. Proof of concept exploit included.

tags | exploit, overflow, proof of concept
systems | freebsd
MD5 | 7b58bfa9889fd92a18fb97d8fa8a63fb
picasm.txt
Posted Aug 14, 2005
Authored by Shaun Colley

picasm versions 1.12b and below suffer from a stack overflow. Exploit included.

tags | exploit, overflow
MD5 | 6a33c54f36b4605e72fe3058f268b1e2
texutil.txt
Posted Apr 4, 2004
Authored by Shaun Colley | Site nettwerked.co.uk

A symbolic link condition exists in all versions of texutil. An attacker can overwrite arbitrary files.

tags | advisory, arbitrary
MD5 | 4de539943022dff55b7e4c04497a58e6
extcompose.txt
Posted Mar 13, 2004
Authored by Shaun Colley | Site nettwerked.co.uk

Extcompose, a function of the metamail package, fails to properly verify a file exists prior to writing to it, and will accept symbolic links, leaving it open to being an attack vector.

tags | advisory
MD5 | e04213c055e9d94968876691fc2b2ac0
motorolaT720.txt
Posted Mar 2, 2004
Authored by Shaun Colley | Site nettwerked.co.uk

Motorola T720 cellular phones have a vulnerability that causes a denial of service when the phone receives an abnormal amount of IP traffic. Upon receiving the traffic, the phone powers off when the user attempts to access the network.

tags | exploit, denial of service
MD5 | d3c62248544d92b2ef9ea4bdffd774cc
PalmOShttpd.txt
Posted Feb 9, 2004
Authored by Shaun Colley

A bug exists in the PalmOS httpd that causes a crash with a "Fatal Error". Full exploit included.

tags | exploit
systems | palmos
MD5 | d4107b9c6ccb49a41047c8f89123d551
rxgoogle.txt
Posted Feb 4, 2004
Authored by Shaun Colley

A cross site scripting vulnerability exists in the rxgoogle.cgi utility. Patch included.

tags | advisory, cgi, xss
MD5 | 308c941b75c70e20fdcd387e6e6c3641
© 2020 Packet Storm. All rights reserved.
