Sony PlayStation 4 (PS4) versions prior to 6.20 webkit code execution proof of concept exploit.
64b616b09a63dc016eada1c0c7754a6cRealTerm Serial Terminal version 2.0.0.70 suffers from an echo port buffer overflow vulnerability. Modifications to the original proof of concept include the fact that it uses a larger payload size for shellcode due to different jump offsets and filters the bad character 0x3a as this is the character for port which causes an error ":".
9b31bdb38b680b223198f700a17dcfa6Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 remote code execution proof of concept exploit.
3aee84bd66a663648cc9a1aadcd3d032Microsoft Edge Chakra version 1.11.4 read permission via type confusion proof of concept exploit.
fdfbeed046784671787a8891b3bcd7f8Drupal versions 8.6.9 and below REST service remote code execution proof of concept exploit.
4986eea49c4c20d968ca236b18bdcac1A multitude of security issues exist within STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks. This is the full release of both the whitepaper and dozens of proof of concept details.
36463dd0c95db85c29e0f6e7d4033996Memu Play version 6.0.7 privilege escalation proof of concept exploit.
2f26018a6ea0589879b43a7afef1a851This exploit bypasses access control checks to use a restricted API function (POST /v2/snaps) of the local snapd service. This allows the installation of arbitrary snaps. Snaps in "devmode" bypass the sandbox and may include an "install hook" that is run in the context of root at install time. dirty_sockv2 leverages the vulnerability to install an empty "devmode" snap including a hook that adds a new user to the local system. This user will have permissions to execute sudo commands. As opposed to version one, this does not require the SSH service to be running. It will also work on newer versions of Ubuntu with no Internet connection at all, making it resilient to changes and effective in restricted environments. This exploit should also be effective on non-Ubuntu systems that have installed snapd but that do not support the "create-user" API due to incompatible Linux shell syntax. Some older Ubuntu systems (like 16.04) may not have the snapd components installed that are required for sideloading. If this is the case, this version of the exploit may trigger it to install those dependencies. During that installation, snapd may upgrade itself to a non-vulnerable version. Testing shows that the exploit is still successful in this scenario. This is the second of two proof of concepts related to this issue. Versions below 2.37.1 are affected.
e9db49ddfa940a474a61af831e403fe3This exploit bypasses access control checks to use a restricted API function (POST /v2/create-user) of the local snapd service. This queries the Ubuntu SSO for a username and public SSH key of a provided email address, and then creates a local user based on these value. Successful exploitation for this version requires an outbound Internet connection and an SSH service accessible via localhost. This is one of two proof of concepts related to this issue. Versions below 2.37.1 are affected.
0dcbfdab6f37dbe3458ba63c7f68ffc7runc versions prior to 1.0-rc6 (Docker < 18.09.2 host command execution proof of concept exploit.
4c9bbc256e33551d234d6062a2f9d9a8River Past Audio Converter version 7.7.16 denial of service proof of concept exploit.
02b6fb485b21ee34945ef72cb05ca9e1Device Monitoring Studio version 8.10.00.8925 denial of service proof of concept exploit.
8e87f007e01aa3082e704d734b2d9e09LibSSH versions 0.7.6 and 0.8.4 unauthorized access proof of concept exploit.
b72473cb445228a611c955229548f5aaRemote Process Explorer version 1.0.0.16 denial of service proof of concept exploit with SEH overwrite.
c6545e34b4b586d8d94e80af7c754321FlexHEX version 2.46 denial of service proof of concept exploit with SEH overwrite.
c88caddada53e191e4cd6969d144f8d1Advanced Host Monitor version 11.90 Beta registration number denial of service proof of concept exploit.
9b45d9752d7336e436b882a3ea7ee9e0Advanced File Manager version 3.4.1 denial of service proof of concept exploit.
bdf06eb3f4224acb235334304ae28ef1IP-Tools version 2.50 denial of service SEH overwrite proof of concept exploit.
c16d7e82936663bab7dd19978c93e5f9Necrosoft DIG version 0.4 denial of service SEH overwrite proof of concept exploit.
31a32a06eac7e6728d0a318e795237ecResearchers discovered a way to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() methods when symmetric encryption is used. The supplied passphrase is not validated for newlines, and the library passes --passphrase-fd=0 to the gpg executable, which expects the passphrase on the first line of stdin, and the ciphertext to be decrypted or plaintext to be encrypted on subsequent lines. By supplying a passphrase containing a newline an attacker can control/modify the ciphertext/plaintext being decrypted/encrypted. Proof of concept exploit included. Version 0.4.3 is affected.
e016c88b0480fac6a3d286a496f1edacMicrosoft Windows VCF or Contact file URL manipulation arbitrary code execution proof of concept exploit. Tested on Windows 7 SP1, 8.1, 10 v.1809 with full patches up to January 2019. Both x86 and x64 architectures were tested.
094fed868f7fb979125879d67bb9e5a4unCaptcha2 is a proof of concept that defeats the latest version of ReCaptcha with 91% accuracy as of January, 2019.
324783751fd33b1eca1f3a4a4c58cf33Armitage version 1.14.11 denial of service proof of concept exploit.
7d88223dda5f792f87ac9c9c1fa98f1dNetShareWatcher version 1.5.8 denial of service proof of concept exploit.
c658449d9705d7121cbd705ac8bf8b06ShareAlarmPro version 2.1.4 denial of service proof of concept exploit.
102923f5ffe5016b2cd399b417621780
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed