| Real Name | ryujin |
|---|---|
| Email address | private |
| Website | www.offensive-security.com |
| First Active | 2008-01-09 |
| Last Active | 2015-05-21 |
Microsoft Windows versions 8.0 and 8.1 on x64 TrackPopupMenu privilege escalation exploit that leverages the vulnerability documented in MS14-058.
7d524f41ded3fbca83cd0ed3b01c95d13cab774d7a2fa4d2956447e6c0c1eed9Symantec Endpoint Protection versions 11.x and 12.x suffer from a kernel pool overflow vulnerability.
4336ac24272f9e03af411eafef0734ba3a8c0d939a93fed5265bff19cf5612feThis Metasploit module exploits a flaw in the AfdJoinLeaf function of the afd.sys driver to overwrite data in kernel space. An address within the HalDispatchTable is overwritten and when triggered with a call to NtQueryIntervalProfile will execute shellcode. This Metasploit module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process before restoring it's own token to avoid causing system instability.
f6dc1203a74e12170988c31fabd455ab39d26e8231aa917f56967362c0509242MS11-080 privilege escalation exploit that leverages the fact that afd.sys does not properly validate user-mode input passed to kernel-mode.
050ef4e20cffa5096df95d3a92d67ec15bef3ea3848cd5b8824bbec9e2cb4338This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.
eca7d8b6931584eb3a994d517c4e7c7d6ee00bc2c0a6e1a811a275c54de08fa6Mozilla Firefox Integer Overflow | Mozilla Firefox Array.reduceRight() integer overflow exploit. James Besmertnuk has reported that this vulnerability is still present in Firefox version 9.0.1.
b0d79a9af8ab6b14c5febfcb8aae8db449fcd6cc78eecbb021905dadaa2e2e0eThis Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead arbitrary code execution. It seems like Microsoft code inadvertently increments a vtable pointer to point to an unaligned address within the vtable's function pointers. This leads to the program counter being set to the address determined by the address "[vtable+0x30+1]". The particular address depends on the exact version of the mshtml library in use. Since the address depends on the version of mshtml, some versions may not be exploitable. Specifically, those ending up with a program counter value within another module, in kernel space, or just not able to be reached with various memory spraying techniques. Also, since the address is not controllable, it is unlikely to be possible to use ROP to bypass non-executable memory protections.
c5af90428a60eae212629d6165cc2ab369c2d3111464b63c3d7505ceda36a191This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead arbitrary code execution.
b5f68cfc74a96815adebfeab5b901e1febc67c4cb41f55ca40098dbd8d7ac9ffMicrosoft Internet Explorer versions 6, 7 and 8 memory corruption exploit.
31684eb156a1877d3e7a41622e50d6e6c00769cce04fc282658316fb9370a72dAvast! version 4.7 aavmker4.sys local privilege escalation vulnerability.
d3bb28a2b24343c621152dc7cfb21ff4932d6710b667865b875da8570485ee90PHP version 6.0 Dev str_transliterate() buffer overflow exploit with NX + ASLR bypass.
c915cded3e7fe8ebb668fccbc01befdee1908158cb07caee201a7e6e7dab516dNovell eDirectory version 8.8 SP5 iConsole buffer overflow exploit. Written in Python.
95f50c442d3fd3dc5c31b4e796c37252f8f18b011dbce81f67724b44562c1ee0HP Power Manager Administration universal buffer overflow exploit. Written in Python.
337fad58366611acfcbe84f9d94f843b5856b4b86a3e3ea9b0faf759454d90c4Apple iTunes version 8.1.1.10 itms/itcp buffer overflow exploit for Microsoft Windows.
140b17c3410e2700b0f0b0f6aba6cda0e9899e7773db6b0f7c41bb673a524261FreeSSHD version 1.2.1 post authentication remote SEH overflow exploit that spawns a shell on port 4444.
f7343d892c3d08b25b42c2fd3eed90f2a31ecb113628845c1d671d69ea95a842VLC version 0.8.6d double shell universal exploit that binds a shell to port 4444.
e184c134027416e686c1e5810a3cf2cb24ddf0bb94a461147657eccd217e10e2BigAnt Server version 2.2 pre-auth remote SEH overflow exploit for Windows 2000 SP4 English that binds a shell to port 6080.
686272c27038e11de7c9e4ab5049521055d0aff4cb2b0da06793f5ea631ad9aaNetWin Surgemail version 3.8k4-4 IMAP post-auth remote LIST universal exploit that binds a shell to port 4444.
13e2fa0e22a61a07a78d0404ae1ce4d872b60e6a762cc83285b52ee831ab9f6cMDaemon IMAP server version 9.6.4 FETCH command remote buffer overflow universal exploit that binds a shell to port 4444.
46172680402d72918d7c2218e17716c08edb90bc46bac08874a8277b85c54ab2MailEnable SMTP server VRFY/EXPN command buffer overflow denial of service exploit.
a0705361ac29e9fb40f8aeae9a11b264b6c3114b26f03df112fc86cb7c8a608dMicrosoft DirectX SAMI file parsing remote stack overflow exploit that binds a shell to port 4444.
891b81acd9ed28a3aeb26a4085e20322e16d833a8297675eed4861882ea54014
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed