sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
0013f2e6caa2f485ba5ab824129df1bdFTPShell Server version 6.90 buffer overflow proof of concept exploit.
9718fbd811cb07974f8ee049fd1df66dNetPCLinker version 1.0.0.0 SEH with egghunter shellcode buffer overflow exploit.
e76e96a4dcb2e6ca5a001536d6231df6This document describes a stack overflow vulnerability that was found in October, 2019 and presented in the Pwn2Own Mobile 2019 competition in November 2019. The vulnerability is present in the UPNP daemon (/usr/sbin/upnpd), running on NETGEAR R6700v3 router with firmware versions V1.0.4.82_10.0.57 and V1.0.4.84_10.0.58. It allows for an unauthenticated reset of the root password and then spawns a telnetd to remotely access the account.
994306f3ed8a91beb01786f127028f55LanSpy version 2.0.1.159 stack buffer overflow exploit that adds a user.
b0153a74496953acb5708e0d11dbf08dRed Hat Security Advisory 2020-2683-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include an integer overflow vulnerability.
b3c5fadf7a7b98529b7b44c779c51cfeCode Blocks version 17.12 File Name SEH unicode local buffer overflow exploit.
068c265e735a68bda5f57b1a8fe5b2d2Netgear R7000 router remote code execution exploit that leverages a pre-authentication memcpy-based stack buffer overflow vulnerability.
832965bf963f3fdca37587799fa0b265TP-LINK Cloud Cameras NCXXX suffer from a DelMultiUser stack overflow vulnerability.
2e5485e5a29b2903236f12f546e6d0e6This Metasploit module exploits a buffer overflow vulnerability in Documalis Free PDF Scanner.
f56f15d388c1d0ecf1f22b2d38965fbcThis Metasploit module exploits a buffer overflow vulnerability in Documalis Free PDF Editor.
1357b84468b930c817c8e8dbb04ca998Gentoo Linux Security Advisory 202006-14 - A buffer overflow in the PEAR module Archive_Tar might allow local or remote attacker(s) to execute arbitrary code. Versions below 1.4.5 are affected.
a3b9a32b7e277d50593b70c010688890Frigate Professional version 3.36.0.9 Find Computer local SEH buffer overflow proof of concept exploit.
2ee6ecfe6cd001a5ed955bb8fdc8e6c8Red Hat Security Advisory 2020-2522-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, double free, integer overflow, memory leak, null pointer, and use-after-free vulnerabilities.
89f1f9cf40446f2816ba9234dd52e3deRed Hat Security Advisory 2020-2508-01 - Expat is a C library for parsing XML documents. Issues addressed include buffer overflow and integer overflow vulnerabilities.
92dedaaa3704e44c025fd64608fe4705Red Hat Security Advisory 2020-2505-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.
04882ecd26e1dc285ccb37c592f2143dThis research discusses two different vulnerabilities addressed in the June 2020 Microsoft Patch Tuesday. An integer overflow in OLE marshalling and a race condition with arbitrary file deletion are described in detail.
d0d7691eecbbd82916538605ee2bdfa4Ubuntu Security Notice 4392-1 - It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
2a8d26a4c0fc30acb37659ae44687215Ubuntu Security Notice 4393-1 - It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
1c2083f7dc6855a4a9ae2d20008669a7Bandwidth Monitor version 3.9 full ROP buffer overflow exploit with SEH, DEP, and ASLR taken into consideration.
e485411f8850c19591908825d56fde0fHFS Http File Server version 2.3m build 300 suffers from a remote buffer overflow vulnerability that can lead to a denial of service.
ff26db6a52d5ae8326efc24dc1754c4410-Strike Bandwidth Monitor version 3.9 ROP VirtualAlloc buffer overflow exploit with SEH, DEP, and ASLR.
62c59edf3af57cd07c3c6f2a164c81b8This is a brief whitepaper that discusses buffer overflows and analysis with the Immunity Debugger.
8f7fc3fa0d5d5b5b815394c941ee52dfFrigate version 3.36.0.9 local buffer overflow proof of concept exploit.
bf16e2a42e2abd01b5d4ef1dfed28c5fQuick Player version 1.3 suffers from a buffer overflow vulnerability.
e67b33e14043370c6b44a10737fb827c
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed