exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

x_hpux_11i_nls_ping.c
Posted Sep 29, 2004
Authored by Watercloud | Site xfocus.org

Local format string exploit for /usr/sbin/ping under HP-UX.

tags | exploit, local
systems | hpux
SHA-256 | 61a2363dd060c8177bf52b47dc06b4540cf1587f6845ea99052c44d06cb31e22

Related Files

Sage X3 Administration Service Authentication Bypass / Command Execution
Posted Jul 21, 2021
Authored by Aaron Herndon, Jonathan Peterson | Site metasploit.com

This Metasploit module leverages an authentication bypass exploit within Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service.

tags | exploit, arbitrary, protocol
advisories | CVE-2020-7387, CVE-2020-7388
SHA-256 | 11ca07000040b6eeef671ec41e35ce376417e3fd24529a7485ed79fb91760b98
nginx 1.20.0 DNS Resolver Off-By-One Heap Write
Posted May 26, 2021
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E. A network attacker capable of providing DNS responses to a nginx server can achieve Denial-of-Service and likely remote code execution. Due to the lack of DNS spoofing mitigations in nginx and the fact that the vulnerable function is called before checking the DNS Transaction ID, remote attackers might be able to exploit this vulnerability by flooding the victim server with poisoned DNS responses in a feasible amount of time.

tags | exploit, remote, spoof, code execution
advisories | CVE-2021-23017
SHA-256 | 3dfbbfc75ab8248919c960e6279f4525444e77d8b1532e2dc80da38820b690c4
Windows/x64 Inject All Processes With Meterpreter Reverse Shell Shellcode
Posted May 2, 2021
Authored by Bobby Cooke

655 bytes small 64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.

tags | shell, shellcode
systems | windows
SHA-256 | 9b8f41be48c0a71cc5b34fd0d409faea955538963763a4a5c5ca27e1ec4d2afb
YARA 4.0.3 Denial Of Service / Information Disclosure
Posted Feb 2, 2021
Authored by Luis Merino

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA version 4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file.

tags | exploit, denial of service, overflow, info disclosure
SHA-256 | 183f1463a17d86e57cdffc4bbe68da6feacd0ea4ddea585d5da2223c4199d865
Colin Percival's bsdiff 4.3 Memory Corruption
Posted Jul 10, 2020
Authored by Luis Merino

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival's bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries. Proof of concept included.

tags | exploit, proof of concept
advisories | CVE-2020-14315
SHA-256 | 643f39b2a94fbeb126dfc6e857751a1e90b11ec7a3a02e0368174a11f3c10689
Linux Password Protected Bindshell Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

272 bytes small Linux/x86_64 null free password protected bindshell shellcode.

tags | shellcode
systems | linux
SHA-256 | 3b354d90a8edf71f759af7fb2d5a48d129b38945626e7de89ff29bd0b2c1fa8f
Thunderbird libical Type Confusion
Posted Jun 14, 2019
Authored by Luis Merino

A type confusion has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash the process or leak information from the client system via calendar replies. Proof of concept included.

tags | exploit, remote, proof of concept
advisories | CVE-2019-11706
SHA-256 | ef2673a39e913d07181596a62fd8c9246e3d5812f7d9b077e77524dc51376013
Thunderbird libical Stack Buffer Overflow
Posted Jun 14, 2019
Authored by Luis Merino

A stack-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.

tags | exploit, remote, overflow, code execution, proof of concept
advisories | CVE-2019-11705
SHA-256 | 47c3eb61b29367d5a2946ff2994c08510a93a27c3f70aae7b73521d1c8fa4c8e
Thunderbird libical icalparser.c Heap Overflow
Posted Jun 14, 2019
Authored by Luis Merino

A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.

tags | exploit, remote, overflow, code execution
advisories | CVE-2019-11703
SHA-256 | fbc427324f7bbbd52b32d86534519facca35022c50ab621232e63a61a9d5146c
Thunderbird libical Heap Overflow
Posted Jun 14, 2019
Authored by Luis Merino

A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.

tags | exploit, remote, overflow, code execution, proof of concept
advisories | CVE-2019-11704
SHA-256 | 766c136bb2357c16dd4df02ef330217cd6ff8d8808169a3d9f9621d7f7750e6c
UA-Parser Denial Of Service
Posted Jan 11, 2019
Authored by Luc Gommans

UA-Parser versions 2015-05-14 and newer suffer from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-20164
SHA-256 | 0acdfe6d200f62f35fb36048c3e03749cf970f0711bd1c230d72001a59e8b804
xorg-x11-server 1.20.3 Privilege Escalation
Posted Oct 31, 2018
Authored by Marco Ivaldi

xorg-x11-server version 1.20.3 privilege escalation exploit.

tags | exploit
advisories | CVE-2018-14665
SHA-256 | 44e3595b1823ca1e39ba5878cc28006b66ed111988fc108df3838c650e54ef1b
mgetty 1.2.0 Buffer Overflow / Privilege Escalation
Posted Sep 20, 2018
Authored by Eric Sesterhenn

mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
advisories | CVE-2018-16741, CVE-2018-16742, CVE-2018-16743, CVE-2018-16744, CVE-2018-16745
SHA-256 | 5cde5e7365b154e8262b6205e6637682d79c5af218b7b7eaba96caf20fd7870a
HylaFAX 6.0.6 / 5.6.0 Uninitialized Pointer / Out Of Bounds Write
Posted Sep 20, 2018
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing an specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2018-17141
SHA-256 | a6ae5d3d4dedcc85875a8b486ef5cb3f062250e0ddef95b52ca59a9b77f9c066
Linux PAM 0.6.9 Authentication Replay
Posted Aug 14, 2018
Authored by Eric Sesterhenn

It is possible to replay an authentication by using a specially prepared smartcard or token in case pam-pkcs11 is compiled with NSS support. Furthermore two minor implementation issues have been identified. Linux PAM version 0.6.9 is affected.

tags | advisory
systems | linux
SHA-256 | b156716f0716691c0ca438fba63d6af0df228025140f98efed7f8babd73f2e70
Yubico 0.1.9 libykneomgr Out Of Bounds Read / Write
Posted Aug 14, 2018
Authored by Eric Sesterhenn

Yubico version 0.1.9 libykneomgr suffers from out of bounds read and write vulnerabilities.

tags | advisory, vulnerability
SHA-256 | f026402949671b5c7eaa93c8c450e63c93a2dd7a8bf17ecede7d2e2b8238938b
Apple Smart Card Services Memory Corruption
Posted Aug 14, 2018
Authored by Eric Sesterhenn

Attackers with local access can exploit security issues in the smartcard driver. These result in memory corruptions, which might lead to code execution. Since smartcards can be used for authentication, the vulnerabilities may allow an attacker to login to the system without valid credentials as any user.

tags | advisory, local, vulnerability, code execution
advisories | CVE-2018-4300, CVE-2018-4301
SHA-256 | 03f8a989d5a6ce06634983e336918a7bae2b2c343a199065eb0802f689d3a8c5
OpenSC 0.18.0 Buffer Overflow / Out Of Bounds Read
Posted Aug 14, 2018
Authored by Eric Sesterhenn

Multiple issues have been identified in OpenSC, ranging from stack based buffer overflows to out of bounds reads and writes on the heap. They can be triggered by malicious smartcards sending malformed responses to APDU commands. Additionally to those fixes reported here, a lot of minor issues (eg. OOB reads and similar) have been reported and fixed. Version 0.18.0 is affected.

tags | advisory, overflow
SHA-256 | 7cbf1ff1fb1b510bc49220cd0645d75c841ff20cdb39c8575a2bdfc1fe2b2b64
Yubico PIV Tool 1.5.0 Buffer Overflow
Posted Aug 14, 2018
Authored by Eric Sesterhenn

A buffer overflow and an out of bounds memory read were identified in the yubico-piv-tool-1.5.0, these can be triggered by a malicious token.

tags | advisory, overflow
advisories | CVE-2018-14779, CVE-2018-14780
SHA-256 | ba4bb77ccc36b888c9bfe1c04ac1e72de278a001510604b38d74fbc9bf952c81
PSFTPd Windows FTP Server 10.0.4 Build 729 Use-After-Free / Log Injection
Posted Nov 10, 2017
Authored by Markus Vervier, Eric Sesterhenn

PSFTPd Windows FTP Server version 10.0.4 Build 729 suffers from use-after-free, log injection, and various other vulnerabilities.

tags | exploit, vulnerability
systems | windows
advisories | CVE-2017-15269, CVE-2017-15270, CVE-2017-15271, CVE-2017-15272
SHA-256 | 2ab7fc41e437445992806fe81144885bb0a72f231da48d63855358ad4c080447
Shadowsocks-libev 3.1.0 Command Execution
Posted Oct 14, 2017
Authored by Niklas Abel

Shadowsocks-libev version 3.1.0 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 8aa4d9bfa1fdc7daf2bf705d5487612abef1c1807139246be24fa5f0b84b9113
Shadowsocks Log Manipulation / Command Execution
Posted Oct 14, 2017
Authored by Niklas Abel

Several issues have been identified, which allow attackers to manipulate log files, execute commands and to brute force Shadowsocks with enabled autoban.py brute force detection. Brute force detection from autoban.py does not work with suggested tail command. The key of captured Shadowsocks traffic can be brute forced. The latest commit 2ab8c6b on Sep 6, 2017 is affected.

tags | exploit
SHA-256 | c64eed8300f6f6714169306d2895cc8ef0dff3acc98056115f385ce1201d0c24
Peplink 7.0.0-build1904 XSS / CSRF / SQL Injection / File Deletion
Posted Jun 5, 2017
Authored by Eric Sesterhenn, Claus Overbeck

Peplink version 7.0.0-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2017-8835, CVE-2017-8836, CVE-2017-8837, CVE-2017-8838, CVE-2017-8839, CVE-2017-8840, CVE-2017-8841
SHA-256 | a35c1582b7882363268493dd6fbe070be8641b56ca33272bfb77a7e2594c12ff
X.org Privilege Escalation / Use-After-Free / Weak Entropy
Posted Mar 1, 2017
Authored by Eric Sesterhenn

X.org suffers from privilege escalation, weak entropy, and use-after-free vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-2624, CVE-2017-2625, CVE-2017-2626
SHA-256 | f72f05abe9036269c3ae97121d5341b234d6db2cbe445c9d8643a82f22648e4d
tnef 1.4.12 OOB Read / Write / Type Confusions / Integer Overflows
Posted Feb 24, 2017
Authored by Eric Sesterhenn

tnef versions 1.4.12 and below suffer from multiple integer overflows, type confusions, and out of bounds read and write vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | 5705b80ef5130f182eaa09743b3b19d2e17761e1bcc5443fc91394d3bdbe51e3
Page 1 of 4
Back1234Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close