exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 37 RSS Feed

Files from GitHub Security Lab

First Active2023-06-11
Last Active2023-12-09
libcue 2.2.1 Out-Of-Bounds Access
Posted Dec 9, 2023
Authored by Kevin Backhouse, GitHub Security Lab

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to ~/Downloads, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0. This particular archive holds three proof of concept exploits.

tags | exploit, code execution, proof of concept
advisories | CVE-2023-43641
SHA-256 | 642dbf93a2ac7ad97ec0e5940fb62ec821a66ce449bbde84890a9695362e981a
VIVO SPARQL Injection
Posted Jun 12, 2023
Authored by GitHub Security Lab

Proof of concept exploit for a SPARQL injection vulnerability in VIVO that triggers a denial of service.

tags | exploit, denial of service, proof of concept
advisories | CVE-2019-6986
SHA-256 | 03a908c86212c5d8cb01cd14ceb44e5ff14b5a0ad5966f87f7b111117d9a3ab6
strongSwan VPN Charon Server Buffer Overflow
Posted Jun 12, 2023
Authored by Kevin Backhouse, GitHub Security Lab

Proof of concept exploit for a buffer overflow in strongSwan VPN's charon server.

tags | exploit, overflow, proof of concept
advisories | CVE-2018-5388
SHA-256 | 381239d433a012d932de3871f064091c52ad26bb7b01de975c5e82fe37562652
librelp Remote Code Execution
Posted Jun 12, 2023
Authored by Kevin Backhouse, GitHub Security Lab, Rainer Gerhards, Bas van Schaik

Proof of concept exploit for a buffer overflow remote code execution vulnerability in librelp.

tags | exploit, remote, overflow, code execution, proof of concept
advisories | CVE-2018-1000140
SHA-256 | e494ed907a60d68aba585cbc21eba08e50daffab41973ff8ba84e679096953dc
polkit File Descriptor Exhaustion
Posted Jun 12, 2023
Authored by GitHub Security Lab

Proof of concept exploit for polkit that triggers an eventfd file descriptor leak.

tags | exploit, proof of concept
advisories | CVE-2021-4115
SHA-256 | f9b681fc933ff4d272ea49c02694d6c797b953465a57f0c30ab341372a92d369
Facebook Fizz Denial Of Service
Posted Jun 12, 2023
Authored by Kevin Backhouse, GitHub Security Lab

Facebook Fizz suffered from a remotely triggerable infinite loop denial of service condition due to an integer overflow.

tags | exploit, denial of service, overflow
advisories | CVE-2019-3560
SHA-256 | 5af505c975ff4a29b7c3d8cd18aec2e20e97fd465a21a6d2441d3e348521e614
Ansible Fetch Path Traversal
Posted Jun 12, 2023
Authored by GitHub Security Lab

Proof of concept exploit for a path traversal vulnerability in Ansible's fetch module.

tags | exploit, proof of concept
advisories | CVE-2019-3828
SHA-256 | 8c4c608182c45d96419302765b9eaa12ca07e339dc23cb5c1ded2218533abe68
libssh2 1.8.2 Out-Of-Bounds Read
Posted Jun 12, 2023
Authored by GitHub Security Lab

libssh2 version 1.8.2 contains a remotely trigger-able out-of-bounds read, potentially leading to information disclosure.

tags | exploit, info disclosure
advisories | CVE-2019-13115
SHA-256 | 47dbaa31a29d74354b7f8716952609a928ff2194c685ff7f70671eae2d710286
libssh2 1.9.0 Out-Of-Bounds Read
Posted Jun 12, 2023
Authored by GitHub Security Lab

libssh2 version 1.9.0 contains a remotely trigger-able out-of-bounds read, leading to denial of service or potentially to information disclosure.

tags | exploit, denial of service, info disclosure
advisories | CVE-2019-17498
SHA-256 | e79ff6b1f659b8e1be88dd359afcecafb7933238e7e489068a3bd0a273b7d191
libssh 0.9.6 / 0.10.4 pki_verify_data_signature Authorization Bypass
Posted Jun 12, 2023
Authored by Kevin Backhouse, GitHub Security Lab

libssh proof of concept authentication bypass exploit, which, under certain conditions, may enable a remote attacker to gain unauthorized access to another user's account via ssh login. Versions 0.9.0 through 0.9.6 and 0.10.0 through 0.10.4 are affected.

tags | exploit, remote, proof of concept
advisories | CVE-2023-2283
SHA-256 | 9bd1a8957c6bb9f405736511d3ad44169c96d1094aebcfdbf0555a4786bbe3eb
D-Bus File Descriptor Leak Denial Of Service
Posted Jun 12, 2023
Authored by GitHub Security Lab

Proof of concept exploit for a D-Bus denial of service condition that can be triggered via a file descriptor leak.

tags | exploit, denial of service, proof of concept
advisories | CVE-2020-12049
SHA-256 | 87e71894350d7dbd3c36666fe7e024bd14e19415a79f2aed19e7d9102383633c
Apple XNU Kernel Memory Exposure
Posted Jun 12, 2023
Authored by Kevin Backhouse, GitHub Security Lab

Apple XNU kernel memory exposure proof of concept exploit that is designed for macOS High Sierra version 10.13.

tags | exploit, kernel, proof of concept
systems | apple
advisories | CVE-2017-13782
SHA-256 | 38dd575e5b5287e0c5ce77e2d2ac39c63d630fc15948a59b9200382df1ff09b0
iOS 11.4.1 / macOS 10.13.6 icmp_error Heap Buffer Overflow
Posted Jun 12, 2023
Authored by Kevin Backhouse, GitHub Security Lab

Proof of concept exploit for a remotely trigger-able heap buffer overflow vulnerability in iOS 11.4.1 and macOS 10.13.6. This exploit can be used to crash any vulnerable iOS or macOS device that is connected to the same network as the attacker's computer. The vulnerability can be triggered without any user interaction on the victim's device. The exploit involves sending a TCP packet with non-zero options in the IP and TCP headers.

tags | exploit, overflow, tcp, proof of concept
systems | ios
advisories | CVE-2018-4407
SHA-256 | 5352cd5286d39bd38e49f40ff6d66d63f42d4b951311bef0126c92981172e14f
macOS NFS Client Buffer Overflow
Posted Jun 12, 2023
Authored by Kevin Backhouse, GitHub Security Lab

macOS NFS client buffer overflow proof of concept exploit. These issues were addressed in macOS version 10.13.6.

tags | exploit, overflow, proof of concept
advisories | CVE-2018-4259, CVE-2018-4286, CVE-2018-4287, CVE-2018-4288, CVE-2018-4291
SHA-256 | 917b85555ca4494b492d414d04dedd1a7811edb66c81d2df1ef9435751ac4474
Apple packet-mangler Remote Code Execution
Posted Jun 12, 2023
Authored by Kevin Backhouse, GitHub Security Lab

Proof-of-concept exploit for a remote code execution vulnerability in the packet-mangler component of macOS. The vulnerability was fixed in macOS High Sierra 10.13.5, which was released on June 1, 2018.

tags | exploit, remote, code execution
advisories | CVE-2017-13904, CVE-2018-4249
SHA-256 | 6bb19f476695922a3e4295da78b226643f1cf515a1ee4fc61b849f6bce9c9eb7
Ubuntu accountsservice Double-Free Memory Corruption
Posted Jun 12, 2023
Authored by Kevin Backhouse, GitHub Security Lab

Proof of concept exploit for a double-free memory corruption vulnerability in Ubuntu accountsservice.

tags | exploit, proof of concept
systems | linux, ubuntu
advisories | CVE-2021-3939
SHA-256 | a24f0c965168bcc3814136c8ee24f8fd5c7b0fb07f7be9bcaa47978b144f0e8f
Ubuntu Apport / Whoopsie DoS / Integer Overflow
Posted Jun 12, 2023
Authored by GitHub Security Lab

Five proof of concept exploits that encompass integer overflow and denial of service conditions in Ubuntu's Apport and Whoopsie components.

tags | exploit, denial of service, overflow, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-11476, CVE-2019-11481, CVE-2019-11484, CVE-2019-15790, CVE-2019-7307
SHA-256 | 04883ffd913b86aa2c8a13bf6757fef0b0d4525b563200cbd5563f587cdfc221
SANE Backends Memory Corruption / Code Execution
Posted Jun 12, 2023
Authored by Kevin Backhouse, GitHub Security Lab

Proof of concept exploits for libsane. The first enumerates a series of memory corruption issues and the second pops a calculator.

tags | exploit, proof of concept
advisories | CVE-2020-12861
SHA-256 | 5ceb1ae3ba7a731ca6ae7c87b33be4c77455ddf79d5edc4c07eb4b5cf09b23b2
Microsoft ChakaCore Remote Code Execution
Posted Jun 12, 2023
Authored by GitHub Security Lab

Microsoft ChakaCore proof of concept exploit for a remote code execution vulnerability.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2017-0141
SHA-256 | 2e0ec88002fb1391d58a60ee453157c9d0449ba5f50a42e34b268e8ddd28c73f
polkit Authentication Bypass
Posted Jun 11, 2023
Authored by Kevin Backhouse, GitHub Security Lab

Proof of concept exploit for an authentication bypass vulnerability in polkit.

tags | exploit, proof of concept, bypass
advisories | CVE-2021-3560
SHA-256 | 458437eef69ad8bf3f51e3b80d608d2052ad08a989fbda8025248aff1d4b2a27
Chrome JIT Compiler Type Confusion
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for a type confusion bug in the JIT compiler of Chrome that can be used to achieve remote code execution.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2021-30632
SHA-256 | 30eeadf8f371d4a17379456833c3996be91c75c93e2bc055f9e6f40682fc5995
Chrome V8 Logic Bug / Use-After-Free
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept for a logic bug in the implementation of the garbage collector (GC) in v8 (the JavaScript interpreter of Chrome). The exploit poc.js is tested on v8 version 9.4.146.16 (commit 452f57b), which is the version shipped with Chrome 94.0.4606.61, the one before the bug was fixed, on Ubuntu 20.04.

tags | exploit, javascript, proof of concept
systems | linux, ubuntu
advisories | CVE-2021-37975
SHA-256 | 9bcd05375f4716e560bf2a6e62f7e0eed58e6eb6f38f4070b6205036e9ca28ca
Chrome Renderer Type Confusion / Remote Code Execution
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept remote code execution exploit that demonstrates a vulnerability in the Chrome renderer sandbox by simply visiting a malicious website.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2022-1134
SHA-256 | 0bef9994895034465485b3ccc1c259c22c1bde140f7e3d288d935477095db1e7
Chrome WebAudio Use-After-Free
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for a Chrome use-after-free vulnerability of non-garbage-collected objects, which is allocated by the PartitionAlloc memory allocator.

tags | exploit, proof of concept
advisories | CVE-2020-6449
SHA-256 | 3c22f0abad82c2cbf4c1d29bf8cfddf026899fc8272a11d1fea6c2c2b02b6e21
Chrome Renderer Remote Code Execution
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for a Chrome renderer remote code execution vulnerability.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2020-15972
SHA-256 | 9fe14db33f51b4c5ac882ae3b87ce8ce4342d37160fda598491088767b81b67e
Page 1 of 2
Back12Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close