This paper and proof of concept describes the Wiederganger-Attack, a new attack vector that reliably allows to escalate unbounded array access vulnerabilities occurring in specifically allocated memory regions to full code execution on programs running on i386/x86_64 Linux. Wiederganger-attacks abuse determinism in Linux ASLR implementation combined with the fact that (even with protection mechanisms such as relro and glibc's pointer mangling enabled) there exist easy-to-hijack, writable (function) pointers in application memory.
9450ff4b4e1f182c2f3845ea9c3bdb86There is a use-after-free vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. There are possibly two vulnerabilities triggerable by the same proof of concept included.
d336251c8030f4420eac4b15ed1e6a78knc (Kerberised NetCat) versions before 1.11-1 are vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another service running on the targeted host. Proof of concept included.
ae47c891e14b49e09ebf721184f792e1phpMyAdmin version 4.8.1 authenticated local file inclusion proof of concept exploits.
35dcecce1b2b42eba5e229267b8db14bmacOS version 10.13 workq_kernreturn denial of service proof of concept exploit.
f4f5e8b2df78998f0e595a8f21d1072entpd version 4.2.8p10 out-of-bounds read proof of concept exploit.
a3796c56972d661561564cb59bda9084CuteFTP Mac version 3.1 denial of service proof of concept exploit.
f3f40dad0d7e66644372dd7e345a952cThis is a proof of concept exploit of the PortSmash micro-architecture vulnerability that makes use of an SMT side-channel attack.
64a5a64e0fea774c36ab60f8ecdef54bSIPp version 3.3.990 local buffer overflow proof of concept exploit.
00bccdabe0cb799dfd74de07201294dbModbus Slave PLC 7 .msw buffer overflow proof of concept exploit.
6bebf0422799ee464534dc7b276b419dNavicat version 12.0.29 denial of service proof of concept exploit.
cd1f8ee9766f45ed6126fbf6d719e8a5BORGChat version 1.0.0 build 438 denial of service proof of concept exploit.
bb4303232ac8abac5a8706da2f19958fMicrosoft Data Sharing local privilege escalation proof of concept exploit.
19b3b9b54f750224bfd2143dfd869414This write up provides a proof of concept with technical details for the git submodule arbitrary code execution vulnerability.
8b90c70cc560ce019f65408cbaa40ac8Any Sound Recorder version 2.93 SEH buffer overflow proof of concept exploit.
f5fb77e98de076631c98311e585cfc4bProof of concept exploit for a Mozilla Firefox picture drag and drop security bypass vulnerability. Tested on versions 3.6.10 up to 62.0.3. Password to decompress this archive is ff2018.
c0ab6d5441042f89254f529c0672f9baSnes9K version 0.0.9z SEH buffer overflow proof of concept exploit.
0caff62b4d05903631b2244c955205adFull advisory and proof of concept information for denial of service vulnerabilities in net-snmp version 5.7.3.
36541b91fda31ad3e20703dbd494c043Beyond Remote version 2.2.5.3 denial of service proof of concept exploit.
f257a1ab99b324ce0cc42d5bb0648107SoftX FTP Client version 3.3 denial of service proof of concept exploit.
e1574937ee9ff0b6970d80d786625614Termite version 3.4 denial of service proof of concept exploit.
cf50f949171b4a18b9b77767ebbb63ccudisks2 version 2.8.0 denial of service proof of concept exploit.
ad2dce68d0a56d9b5577738d9a790315iCash version 7.6.5 denial of service proof of concept exploit.
575029da672ed1008fda57b16b6bd15bPDF Explorer version 1.5.66.2 denial of service proof of concept exploit.
19ec768800583a68e1366a49f4d36e0bPixGPS version 1.1.8 denial of service proof of concept exploit.
a27bc6564d063c2098a8c1a4a642d1cc
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed