bashedCgi is a quick and dirty Metasploit module that sends the Bash "Shellshock" exploit payload (CVE-2014-6271) to CGI scripts that are written in Bash or invoke Bash, in order to execute an arbitrary shell command.
917183304ff31e505f18d434fcc284d5fe270c928e0cc5e96231c14eabb1aae3
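The payload a module like this sends rides in request headers, which the web server turns into HTTP_* environment variables before it runs the CGI script; a vulnerable bash parses any environment value beginning with "() {" as an exported function and runs what follows the closing brace. The following is an added example, not code from bashedCgi or Metasploit: a small C detector for that marker, run over a constructed CGI environment. The function names and the sample variables are invented for illustration.

```c
/* Added example, not part of bashedCgi or Metasploit: detect Shellshock-style
 * (CVE-2014-6271) payloads in the environment a web server hands to a CGI
 * script. A vulnerable bash treats any environment value that starts with
 * "() {" as an exported function definition and runs whatever follows the
 * closing brace, and CGI turns request headers into HTTP_* variables, so
 * those are the values worth inspecting. Names and sample data are invented. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if value starts with "()" followed by whitespace and "{". bash's own
 * test was the exact prefix "() {"; this is deliberately a little broader so
 * that variants with extra whitespace are still flagged. */
int looks_like_shellshock(const char *value)
{
    if (value == NULL)
        return 0;
    while (isspace((unsigned char)*value))
        value++;
    if (value[0] != '(' || value[1] != ')')
        return 0;
    value += 2;
    if (!isspace((unsigned char)*value))
        return 0;            /* "(){" is not the marker bash looks for */
    while (isspace((unsigned char)*value))
        value++;
    return *value == '{';
}

/* Scan a NULL-terminated array of "NAME=value" strings (the shape of environ)
 * and return how many values carry a payload; up to max_hits of the matching
 * entries are stored in hits for logging. hits may be NULL if max_hits is 0. */
int count_shellshock_env(char *const envp[], const char *hits[], int max_hits)
{
    int n = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        const char *eq = strchr(envp[i], '=');
        if (eq == NULL)
            continue;
        if (looks_like_shellshock(eq + 1)) {
            if (n < max_hits)
                hits[n] = envp[i];
            n++;
        }
    }
    return n;
}

/* Constructed sample: the environment a CGI wrapper would build from one
 * malicious request. Two headers carry payloads; two more look similar but
 * would not be parsed as functions by bash. */
static char *const sample_cgi_env[] = {
    "GATEWAY_INTERFACE=CGI/1.1",
    "REQUEST_METHOD=GET",
    "HTTP_HOST=www.example.com",
    "HTTP_USER_AGENT=() { :; }; /bin/sh -c 'id'",
    "HTTP_REFERER=() { :;}; /bin/cat /etc/passwd",
    "HTTP_COOKIE=session=abc123",
    "HTTP_X_TEST=(){ :;}; echo nope",       /* no space after "()" */
    "QUERY_STRING=q=() { :;}",              /* marker not at start of value */
    NULL,
};

int main(void)
{
    const char *hits[4];
    int n = count_shellshock_env(sample_cgi_env, hits, 4);
    printf("%d suspicious variable(s)\n", n);
    for (int i = 0; i < n && i < 4; i++)
        printf("  %s\n", hits[i]);
    return n > 0 ? 1 : 0;
}
```

Running this over the constructed environment flags HTTP_USER_AGENT and HTTP_REFERER and ignores the two look-alikes. The same check is useful on the server side in a CGI wrapper or in a request-log scan: the marker is distinctive enough that a prefix test on each header value is sufficient, and no regular expression is needed.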
The SCTP implementation used by FreeBSD (the "reference implementation") is vulnerable to a remote NULL pointer dereference in the kernel due to a logic bug. When parsing ASCONF chunks, an attempt is made to find an association by address. If the address found is INADDR_ANY, sctp_findassoc_by_vtag() is called to look the association up by vtag instead. Before searching for the vtag in the hash table, a pointer is set to NULL with the intention of reassigning it once the association is found. If the specified vtag is not found, however, the function returns without reinitializing the pointer, and the kernel panics when the NULL pointer is later dereferenced by the SCTP_INP_DECR_REF macro after control returns to sctp_process_control(). This is a proof of concept denial of service exploit.
318b17b766a7c0e5fc891db3c6cd991c6323ae2a559c0d010ec2ec369599711b
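The bug pattern is worth seeing in isolation, because it is common well beyond SCTP: a lookup routine clobbers a caller-owned pointer before it knows whether it has anything to put there. The following is an added example, not FreeBSD's code: a user-space model of the lookup with the buggy and hardened shapes side by side, and a caller that drops its endpoint reference on the way out as sctp_process_control() does. All names (endpoint, assoc, vtag_table, process_asconf) and the vtag values are invented for the model; the real kernel panics where this model returns -1.

```c
/* Added example, not FreeBSD's code: a user-space model of the logic bug
 * described above. The lookup routine clears the caller's endpoint pointer
 * before consulting the vtag hash table and only refills it on a hit, so on a
 * miss the caller, which still has to drop its endpoint reference, dereferences
 * NULL. The hardened variant beside it never touches the caller's pointer on
 * the miss path. All names (endpoint, assoc, vtag_table) are invented. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct endpoint { int refcount; };
struct assoc { uint32_t vtag; struct endpoint *ep; };

#define VTAG_BUCKETS 8
static struct assoc *vtag_table[VTAG_BUCKETS];   /* toy hash table keyed by vtag */
static struct endpoint ep0;
static struct assoc a0 = { 0x1234, &ep0 };

/* Reset the model: one endpoint holding one association with vtag 0x1234. */
void vtag_table_init(void)
{
    for (int i = 0; i < VTAG_BUCKETS; i++)
        vtag_table[i] = NULL;
    ep0.refcount = 1;
    vtag_table[a0.vtag % VTAG_BUCKETS] = &a0;
}

/* Buggy shape: *inp_p is cleared up front and refilled only on the hit path. */
struct assoc *lookup_by_vtag_buggy(uint32_t vtag, struct endpoint **inp_p)
{
    *inp_p = NULL;
    struct assoc *a = vtag_table[vtag % VTAG_BUCKETS];
    if (a != NULL && a->vtag == vtag) {
        *inp_p = a->ep;
        return a;
    }
    return NULL;            /* miss: the caller's pointer is now NULL */
}

/* Hardened shape: write through inp_p only when there is something to report. */
struct assoc *lookup_by_vtag_fixed(uint32_t vtag, struct endpoint **inp_p)
{
    struct assoc *a = vtag_table[vtag % VTAG_BUCKETS];
    if (a != NULL && a->vtag == vtag) {
        *inp_p = a->ep;
        return a;
    }
    return NULL;            /* miss: the caller's pointer is untouched */
}

/* Stand-in for the SCTP_INP_DECR_REF macro, which dereferences inp without a
 * NULL check. Here the NULL case reports the would-be panic instead. */
static int inp_decr_ref(struct endpoint *inp)
{
    if (inp == NULL)
        return -1;          /* kernel: NULL pointer dereference, panic */
    inp->refcount--;
    return 0;
}

/* Caller in the shape of sctp_process_control(): holds a valid endpoint when
 * the ASCONF chunk arrives, asks the lookup which endpoint owns the association
 * for the vtag, and drops its reference on the way out.
 * Returns 0 on clean completion, -1 where the kernel would have panicked. */
int process_asconf(uint32_t vtag, int use_fixed_lookup)
{
    vtag_table_init();
    struct endpoint *inp = &ep0;          /* valid before the lookup */
    struct assoc *stcb = use_fixed_lookup
        ? lookup_by_vtag_fixed(vtag, &inp)
        : lookup_by_vtag_buggy(vtag, &inp);
    (void)stcb;                           /* association handling omitted */
    return inp_decr_ref(inp);             /* attacker's vtag: miss, inp NULL */
}

int main(void)
{
    printf("known vtag, buggy lookup:   %d\n", process_asconf(0x1234, 0));
    printf("unknown vtag, buggy lookup: %d (panic)\n", process_asconf(0x9999, 0));
    printf("unknown vtag, fixed lookup: %d\n", process_asconf(0x9999, 1));
    return 0;
}
```

The attacker only needs to send an ASCONF chunk whose vtag matches nothing; the miss path, not any memory corruption, is what brings the kernel down. The two defensive rules the fixed variant follows are the ones to look for in review: an out-parameter is written on the success path only, and a caller checks the return value before trusting anything the callee may have written.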
FreeBSD UIPC socket heap overflow proof of concept exploit that causes a kernel panic. Tested on FreeBSD 8.2-RELEASE.
392d5e1fab7ef40059a4391fcc8e1c05b6f410d6413606f432dc4a27dfea91ba
These are slides from a presentation called Jumping the Guard Page for Fun and Profit - Recursive Stack Overflows.
9c88c0b355adee8fb85374ea39f5d41224a4788bf9a35349adff4d4b8448912c
FreeBSD 7.2-RELEASE SCTP local kernel denial of service exploit that causes a panic.
134f70fd1df5a8305a23db386308b72df604b197660b97ea45f9feb63b2e2578
FreeBSD 7.2 PECOFF executable loader local denial of service exploit.
6f5a0d5595aec23366df2e82623382d86a0e722426a0bc0df53b9ed926f3c18b
Local denial of service kernel panic exploit for FreeBSD versions 6 and 8 that takes advantage of the ata device.
0d0bc3bb1d78ccd24a5e499aaa69c2a6845c58b7800175a57622b9e9bffb949a
The finger service in OpenVMS suffers from a stack overflow vulnerability.
393fdae2c7316eed51cd6c4e905ba9e53bae60629db8e31e5537a5320f7ba91b
Urban 1.5.3_1, part of the FreeBSD ports collection, is vulnerable to a stack overflow when handling the $HOME environment variable. Since urban is installed setgid games, privilege escalation to the games group is possible. Earlier versions may also be susceptible. Proof of concept exploit included.
b4fa91cfa2c177e64461bac4e36029a755502d986f5de31f6bfe695b11b11cb7
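The attacker here controls the environment of the process they start, so anything copied out of getenv() into a fixed-size stack buffer without a bound is reachable while the process still holds the games group. The following is an added example, not urban's code: the vulnerable shape of the copy beside a bounded replacement that fails closed rather than truncating. The function names, the buffer size and the score-file name are invented for illustration; the overlong HOME value is constructed in the block.

```c
/* Added example, not urban's code: the shape of an environment-variable stack
 * overflow in a setgid program, beside a bounded replacement. The attacker
 * controls the environment of the process they start, so a long $HOME reaches
 * strcpy() into a fixed-size stack buffer while the process still holds the
 * games group. Function names and buffer sizes are invented for illustration. */
#include <stdio.h>
#include <string.h>

#define PATH_BUF 64

/* Vulnerable shape: home comes straight from getenv("HOME") in the real
 * program; nothing bounds the copy, so strlen(home) >= PATH_BUF writes past
 * the end of the stack buffer, over saved registers and the return address. */
void scorefile_path_vulnerable(const char *home, char *out, size_t outsz)
{
    char buf[PATH_BUF];
    strcpy(buf, home);                         /* the overflow */
    snprintf(out, outsz, "%s/.urbanscores", buf);
}

/* How far past the buffer the vulnerable copy would write for a given HOME
 * (the terminating NUL included); 0 means it fits. */
size_t vulnerable_overflow_bytes(const char *home)
{
    size_t need = strlen(home) + 1;
    return need > PATH_BUF ? need - PATH_BUF : 0;
}

/* Hardened shape: validate and bound, and fail closed instead of truncating
 * (a silently truncated path is its own bug). Returns 0 on success, -1 if HOME
 * is missing, relative or too long, or the output buffer is too small. */
int scorefile_path_safe(const char *home, char *out, size_t outsz)
{
    if (home == NULL || home[0] != '/')
        return -1;                             /* insist on an absolute path */
    if (strlen(home) >= PATH_BUF)
        return -1;                             /* reject rather than truncate */
    int n = snprintf(out, outsz, "%s/.urbanscores", home);
    if (n < 0 || (size_t)n >= outsz)
        return -1;                             /* would not fit: refuse */
    return 0;
}

/* Constructed attacker value: an absolute path far longer than PATH_BUF. */
const char *constructed_long_home(void)
{
    static char home[256];
    memset(home, 'A', sizeof home - 1);
    home[0] = '/';
    home[sizeof home - 1] = '\0';
    return home;
}

int main(void)
{
    char out[128];
    const char *evil = constructed_long_home();

    /* Benign input is fine either way. */
    scorefile_path_vulnerable("/home/games", out, sizeof out);
    printf("vulnerable, benign HOME: %s\n", out);

    /* With the attacker's HOME the vulnerable version would smash the stack;
     * only the damage is computed here rather than triggered. */
    printf("vulnerable, 255-byte HOME would overflow by %zu bytes\n",
           vulnerable_overflow_bytes(evil));

    printf("safe, 255-byte HOME: %s\n",
           scorefile_path_safe(evil, out, sizeof out) == 0 ? out : "rejected");
    return 0;
}
```

Bounding the copy is the fix for this bug, but the structural mitigation for a setgid game is to drop the elevated group (setgid(getgid())) before touching anything the user controls and to re-acquire it only around the score-file write; then a missed overflow elsewhere yields nothing.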
picasm versions 1.12b and below suffer from a stack overflow. Exploit included.
4e2bb0c1435036569704215e743f9a5af4217a7e08548fa30a74bdd2bb04b027
A symbolic link vulnerability exists in all versions of texutil. An attacker who plants a symlink where texutil writes can use it to overwrite arbitrary files.
586cc0a27418caea44ad3c243bbf5295f48839a64e4f7c4106f429462e13e953
Extcompose, part of the metamail package, fails to check whether a file already exists before writing to it and will follow a symbolic link placed at that path, so an attacker can use it to overwrite other files.
ecb0d56a71d017b5a7e9ee58f1fd7f55abb82c34705174f94c74945fd4205bde
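The texutil and extcompose entries above describe the same class of bug: a tool opens its output with create-or-truncate semantics, so a symlink planted at the expected name redirects the write to whatever the link points at. The following is an added example, not texutil's or metamail's code: the unsafe open beside the open(2) flags that stop it, with the attack staged in a fresh temporary directory so the outcome can be checked. The file names "victim" and "outfile" and the function names are invented; the block assumes a writable /tmp.

```c
/* Added example, not texutil's or metamail's code: a writer that creates or
 * truncates its output without checking what is already at that path follows
 * a planted symlink, and the open(2) flags that stop it. The scenario is
 * constructed in a fresh temporary directory: "victim" stands for the file the
 * attacker wants overwritten, "outfile" for the name the tool writes to. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Unsafe shape: "w" means create-or-truncate, follows symlinks, no existence
 * check; whatever the link points at gets truncated and rewritten. */
int write_unsafe(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs(data, f);
    return fclose(f);
}

/* Safe shape: O_EXCL makes open fail if anything, a symlink included, already
 * exists at path; O_NOFOLLOW refuses a symlink as the final component even
 * without O_EXCL; mode 0600 keeps the new file private. Returns 0, or -1 with
 * errno set (EEXIST here when a link has been planted). */
int write_safe(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    size_t len = strlen(data);
    ssize_t w = write(fd, data, len);
    close(fd);
    return (w >= 0 && (size_t)w == len) ? 0 : -1;
}

/* Read a small file into buf as a NUL-terminated string; 0 on success. */
static int read_small(const char *path, char *buf, size_t bufsz)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, bufsz - 1);
    close(fd);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return 0;
}

/* Stage the attack: create victim, plant outfile -> victim, then let the tool
 * write outfile with write_safe() (use_safe != 0) or write_unsafe(). Returns 1
 * if victim was overwritten, 0 if it survived, -1 if staging failed; err_out,
 * if non-NULL, receives errno from the write call (0 when it succeeded). */
int symlink_attack_succeeds(int use_safe, int *err_out)
{
    char dir[] = "/tmp/symlinkdemo.XXXXXX";
    char victim[256], outfile[256], buf[64];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(outfile, sizeof outfile, "%s/outfile", dir);

    if (write_safe(victim, "original") != 0 || symlink(victim, outfile) != 0)
        return -1;

    errno = 0;
    int rc = use_safe ? write_safe(outfile, "clobbered")
                      : write_unsafe(outfile, "clobbered");
    if (err_out != NULL)
        *err_out = rc == 0 ? 0 : errno;

    int clobbered = read_small(victim, buf, sizeof buf) == 0
                    && strcmp(buf, "clobbered") == 0;

    unlink(outfile);
    unlink(victim);
    rmdir(dir);
    return clobbered;
}

int main(void)
{
    int err = 0;
    int hit = symlink_attack_succeeds(0, &err);
    printf("unsafe writer: victim overwritten = %d\n", hit);
    hit = symlink_attack_succeeds(1, &err);
    printf("safe writer:   victim overwritten = %d (open failed: %s)\n",
           hit, strerror(err));
    return 0;
}
```

Note that a separate "does the file exist" check before fopen() would not be enough: the attacker can plant the link between the check and the open. O_EXCL moves the check into the open itself, which is why it, and not access() or stat(), is the fix for this class of bug.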
Motorola T720 cellular phones have a vulnerability that causes a denial of service when the phone receives an abnormal amount of IP traffic. After receiving the traffic, the phone powers off when the user attempts to access the network.
3c3012ee943ab155015cb94a94a705b5b7f6384e9067ab8966ff66d07ec2c944
A bug exists in the PalmOS httpd that causes a crash with a "Fatal Error". Full exploit included.
5b285308b063e2d59eb136e0072c9ab4a49538d664eb748f4491f7dabcadc37a
A cross site scripting vulnerability exists in the rxgoogle.cgi utility. Patch included.
022463e79ee629b878bc318a032bd03483c447129593257ae5eb4f3b28807b11