exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed


Sudo 1.8.31p2 / 1.9.5p1 Buffer Overflow
Posted Feb 5, 2021
Authored by Blasty, Spencer McIntyre, Qualys Security Advisory, bwatters-r7, Alexander Krog | Site metasploit.com

A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.

tags | exploit, overflow, local
advisories | CVE-2021-3156
SHA-256 | cdf458fa2ff6a679afd1037bdb879758b301305b20f223b3aade629bb97b04bc

Related Files

Technical Cyber Security Alert 2010-159A
Posted Jun 12, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-159A - According to Adobe, there is a vulnerability in Adobe Flash. This vulnerability affects Flash Player, Reader, Acrobat, and possibly other products that support Flash. A remote attacker could exploit this vulnerability to execute arbitrary code.

tags | advisory, remote, arbitrary
SHA-256 | 92d4d10d9876e9f473c2b97c245bf320a1cd8e2ed321e0718a268d019d732f99
Multiple Browser Audio Tag Denial Of Service
Posted Apr 22, 2010
Authored by Chase Higgins

Proof of concept exploit that demonstrates an Audio Tag denial of service vulnerability that affects Chrome and Safari.

tags | exploit, denial of service, proof of concept
SHA-256 | 7998f14f216bd39b0575479a751c7ae766a6ae068c1bccdbcecc3cf3812712d1
Internet Explorer / Opera Source Code Viewer Null Character Handling
Posted Apr 13, 2010
Authored by Daniel Correa

Internet Explorer and Opera suffer from a null character handling vulnerability that affects the source code viewer.

tags | exploit
SHA-256 | 6f47aa69966d060ace583f0150c43622582a55c04b1774dcfb97de6fdc1e70bf
Debian Linux Security Advisory 2023-1
Posted Mar 28, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2023-1 - Wesley Miaw discovered that libcurl, a multi-protocol file transfer library, is prone to a buffer overflow via the callback function when an application relies on libcurl to automatically uncompress data. Note that this only affects applications that trust libcurl's maximum limit for a fixed buffer size and do not perform any sanity checks themselves.

tags | advisory, overflow, protocol
systems | linux, debian
advisories | CVE-2010-0734
SHA-256 | 2dd03f5782033bbbad2979c5613092755d8d8f7e9db11e1cb1845c5543498708
Adobe PDF LibTiff Integer Overflow
Posted Mar 13, 2010
Authored by villy

Adobe PDF LibTiff integer overflow code execution exploit that affects versions 8.3.0 and below and 9.3.0 and below.

tags | exploit, overflow, code execution
advisories | CVE-2010-0188
SHA-256 | 076c3cc941c8d0cafbb3478028a2e0b84834a5f95d7095704791d4b35d1d31f5
Sagem Routers Remote Reset Exploit
Posted Mar 5, 2010
Authored by AlpHaNiX

Sagem routers remote reset exploit. It affects F@ST router models 1200/1240/1400/1400W/1500/1500-WG/2404.

tags | exploit, remote
SHA-256 | 6dd66d98a8ff326462c7d87ec26495683bd9141e9255e109ffa9173cb5e41ef6
Todd Miller sudoedit Root Exploit
Posted Mar 3, 2010
Authored by Kingcope

Todd Miller sudo 'sudoedit' local root exploit that affects 1.6.x versions before 1.6.9p21 and 1.7.x versions before 1.7.2p4.

tags | exploit, local, root
SHA-256 | 0bc5ddb8c9f78020b6fdf754af735e0f64922f9795dab864f38f4d35c23c24d5
iTunes 9.0 Buffer Overflow
Posted Feb 17, 2010
Authored by S2 Crew

iTunes file handling local buffer overflow exploit that creates a malicious .pls file. Affects version 9.0 on Mac OS X.

tags | exploit, overflow, local
systems | apple, osx
advisories | CVE-2009-2817
SHA-256 | 0d3d25fbf64ab5c281bc87376978e384c6e0c60f12194baa9a83445c36bdde3f
Safari 4.0.4 Denial Of Service
Posted Feb 8, 2010
Authored by 599eme Man

Safari version 4.0.4 remote denial of service with possible memory corruption exploit. r45c4l has noted that this code also affects Opera version 10.10 and Firefox version 3.5.7 and that it works on Windows 7 and Mac OS X.

tags | exploit, remote, denial of service
systems | windows, apple, osx
SHA-256 | 1de8981a66aafff330e11055d719e646e74a17a6ef5f71fd69190a9739809def
Joomla Kunena 1.5.4 SQL Injection
Posted Jan 31, 2010
Authored by bhunt3r

The Joomla Kunena component suffers from a remote blind SQL injection vulnerability. The researcher believes that this affects 1.5.9 but the author of the software has claimed that this only affects versions 1.5.4 and below.

tags | exploit, remote, sql injection
SHA-256 | e7a689b1c56bed9c9660f71ec06c232ea5ce0c6442d9306effe95e877117ba45
Debian Linux Security Advisory 1980-1
Posted Jan 29, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1980-1 - David Leadbeater discovered an integer underflow that could be triggered via the LINKS command and can lead to a denial of service or the execution of arbitrary code (CVE-2009-4016). This issue affects both, ircd-hybrid and ircd-ratbox.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2009-4016, CVE-2010-0300
SHA-256 | 0a6ecd8132d5653e5359b9dd2ff6f80c30c048776ddc6919626b811351537118
Debian Linux Security Advisory 1977-1
Posted Jan 27, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1977-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. It only affects the oldstable distribution (etch).

tags | advisory, denial of service, overflow, python
systems | linux, debian
advisories | CVE-2008-2316, CVE-2009-3560, CVE-2009-3720
SHA-256 | 28197fcb1e4306a91d0fa3becafcfc0ced03343e6c675879be0de7506a38c77d
Microsoft SQL Server sp_replwritetovarbin Memory Corruption
Posted Jan 5, 2010
Authored by jduck | Site metasploit.com

A heap-based buffer overflow can occur when calling the undocumented "sp_replwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine (MSDE) without the updates supplied in MS09-004. This exploit smashes several pointers, as shown below. 1. pointer to a 32-bit value that is set to 0 2. pointer to a 32-bit value that is set to a length influenced by the buffer length. 3. pointer to a 32-bit value that is used as a vtable pointer. In MSSQL 2000, this value is referenced with a displacement of 0x38. For MSSQL 2005, the displacement is 0x10. The address of our buffer is conveniently stored in ecx when this instruction is executed. 4. On MSSQL 2005, an additional vtable ptr is smashed, which is referenced with a displacement of 4. This pointer is not used by this exploit. There are two different methods used by this exploit, which have been named "writeNcall" and "sprayNbrute". The first, "writeNcall", was published by k'sOSe on Dec 17 2008. It uses pointers 2 and 3, as well as a writeable address. This method is quite reliable. However, it relies on the the operation on pointer 2. Newer versions of SQL server (>= 2000 SP3 at least) use a length value that is 8-byte aligned. This imposes a restriction that the code address that leads to the payload (jmp ecx in this case) must match the regex '.[08].[08].[08].[08]'. Unfortunately, no such addresses were found in memory. For this reason, the second method, "sprayNbrute" is used. First a heap-spray is used to prime memory with lots of copies of the address of our code that leads to the payload (jmp ecx). Next, brute force is used to try to guess a value for pointer 3 that points to the sprayed data. A new method of spraying the heap inside MSSQL is presented. Sadly, it only allows the creation of a bunch of 8000 byte buffers.

tags | exploit, overflow
systems | windows
advisories | CVE-2008-5416
SHA-256 | 132206feb12275d819fe75a51931368d87b85cda3a85d8d40fc77ff46d0342f7
Mandriva Linux Security Advisory 2009-333
Posted Dec 15, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-333 - NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority (CA) has been tricked into issuing invalid certificates. The use of a CA that can be trusted to always issue valid certificates is recommended to ensure you are not vulnerable to this issue. Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities and CVE-2007-6600. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-4034, CVE-2009-4136
SHA-256 | b0183b27a8fc7627f3bd44ab708862e840411e39f26ee2fa2b5bfe9cb3094727
Apache module mod_rewrite LDAP protocol Buffer Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This Metasploit module requires REWRITEPATH to be set accurately. In addition, the target must have 'RewriteEngine on' configured, with a specific 'RewriteRule' condition enabled to allow for exploitation. The flaw affects multiple platforms, however this module currently only supports Windows based installations.

tags | exploit, overflow, protocol
systems | windows
advisories | CVE-2006-3747
SHA-256 | 96b871a0195d2591844969f9bba63abc59813d3e7296ce6634f95d37eb06d859
CA BrightStor Discovery Service TCP Overflow
Posted Nov 26, 2009
Authored by H D Moore, patrick | Site metasploit.com

This Metasploit module exploits a vulnerability in the CA BrightStor Discovery Service. This vulnerability occurs when a specific type of request is sent to the TCP listener on port 41523. This vulnerability was discovered by cybertronic@gmx.net and affects all known versions of the BrightStor product. This Metasploit module is based on the 'cabrightstor_disco' exploit by Thor Doomen.

tags | exploit, tcp
advisories | CVE-2005-2535
SHA-256 | 532219f28d50db309980d4c39dfa18dcf976499ccb5c9736a81297f410a80362
Minishare 1.4.1 Buffer Overflow
Posted Nov 26, 2009
Authored by acaro | Site metasploit.com

This is a simple buffer overflow for the minishare web server. This flaw affects all versions prior to 1.4.2. This is a plain stack overflow that requires a "jmp esp" to reach the payload, making this difficult to target many platforms at once. This Metasploit module has been successfully tested against 1.4.1. Version 1.3.4 and below do not seem to be vulnerable.

tags | exploit, web, overflow
advisories | CVE-2004-2271
SHA-256 | bf2dd8378c0c0c82b912aa8e98c2826676a3f7e41c1c019b8e7c7c3874814359
SlimFTPd LIST Concatenation Overflow
Posted Nov 26, 2009
Authored by riaf | Site metasploit.com

This Metasploit module exploits a stack overflow in the SlimFTPd server. The flaw is triggered when a LIST command is received with an overly-long argument. This vulnerability affects all versions of SlimFTPd prior to 3.16 and was discovered by Raphael Rigo.

tags | exploit, overflow
advisories | CVE-2005-2373
SHA-256 | 55e26861520e953f85b098982baa1fa9c82fe412aea320df41475c3eba5a0d70
Dogfood CRM spell.php Remote Command Execution
Posted Oct 30, 2009
Authored by LSO

This Metasploit module exploits a previously unpublished vulnerability in the Dogfood CRM mail function which is vulnerable to command injection in the spell check feature. Because of character restrictions, this exploit works best with the double-reverse telnet payload. This vulnerability was discovered by LSO and affects version 2.0.10.

tags | exploit
SHA-256 | d47d25f175832f723f8a69b2a5df882d82ea6fc211e6829459cf8e694f589f04
Arkeia Backup Client Type 77 Overflow
Posted Oct 28, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack overflow in the Arkeia backup client for the Mac OS X platform. This vulnerability affects all versions up to and including 5.3.3 and has been tested with Arkeia 5.3.1 on Mac OS X 10.3.5.

tags | exploit, overflow
systems | apple, osx
advisories | CVE-2005-0491
SHA-256 | ebc9848511c662d2d6efa684039176f4dfa816c15b3dfcced903cb341a9beab5
Opera historysearch XSS
Posted Oct 27, 2009
Authored by Aviv Raff, Roberto Suggi Liverani

Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to modify configuration settings and execute arbitrary commands. Affects Opera versions between 9.50 and 9.61.

tags | exploit, arbitrary
advisories | CVE-2008-4696
SHA-256 | 8ee97c6c137b092fb141c1b73dea46bcc91809906758777dbdcce9e2f67b0d2b
Adobe Acrobat Reader Array Overrun
Posted Oct 27, 2009
Authored by Felipe Andres Manzano

This is a detailed analysis regarding the U3D CLODProgressiveMeshDeclaration initialization array overrun that affects Adobe Acrobat Reader versions 7.x, 8.x, and 9.x. Exploit included.

tags | exploit, overflow
advisories | CVE-2009-2994
SHA-256 | c090417dc1342b3cda436100dd5256853c41e6b89eb64b311be1a05620d98e00
libc:fts_*() Denial Of Service
Posted Oct 2, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

libc:fts_*() suffers from multiple denial of service vulnerabilities. This affects multiple vendors.

tags | exploit, denial of service, vulnerability
SHA-256 | 60fdb0c5abb5e3ce9c4855e6377fd45eb308fb523b2c8e1b8e6eaf4ed9349437
Debian Linux Security Advisory 1871-2
Posted Aug 27, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1871-2 - The previous wordpress update introduced a regression when fixing CVE-2008-4769 due to a function that was not backported with the patch. Please note that this regression only affects the oldstable distribution (etch).

tags | advisory
systems | linux, debian
advisories | CVE-2008-6762, CVE-2008-6767, CVE-2009-2334, CVE-2009-2854, CVE-2009-2851, CVE-2009-2853, CVE-2008-1502, CVE-2008-4106, CVE-2008-4769, CVE-2008-4796, CVE-2008-5113
SHA-256 | 565a2e4f05dcf7aeeb6e8faf612d43fcbf48f13dfbd682a6ec3e14c0ad64284d
Debian Linux Security Advisory 1847-1
Posted Jul 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1847-1 - It was discovered that the BIND DNS server terminates when processing a specially crafted dynamic DNS update. This vulnerability affects all BIND servers which serve at least one DNS zone authoritatively, as a master, even if dynamic updates are not enabled. The default Debian configuration for resolvers includes several authoritative zones, too, so resolvers are also affected by this issue unless these zones have been removed.

tags | advisory
systems | linux, debian
advisories | CVE-2009-0696
SHA-256 | d960652c458b82724cffc42f08caf5a2da1661b518fb338a1238b9264835e4e6
Page 3 of 4

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By