Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. They successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. A basic proof of concept (a crasher) is attached to this advisory.
2739ab8c7448e7ea41f28d5e97efa32aProof of concept code for a time-based blind remote SQL injection vulnerability in Online Shopping Portal version 3.1. This is a variant of the original discovery of SQL injection in this version by Umit Yalcin in July of 2020.
4f65a9a04d5b6e35d86e2c743c2dc565XNU suffers from a network stack kernel heap overflow due to an out-of-bounds memmove in 6lowpan. Proof of concept code included.
9333b7751aa7686ac0ca4c62a49c3d4eThis is a proof of concept for a Windows TCP/IP denial of service vulnerability due to a NULL dereference in tcpip.sys. This was patched by Microsoft in February 2021. It is triggerable remotely by sending malicious UDP packet over IPv6.
603e905801bb4f31bf554bafa86b2826Proof of concept exploit for an out-of-bounds access vulnerability in the Realtek RTKVHD64.sys, leading to pool corruption.
61c0be3a39d9a150ecd6ecc535ae3063This is a proof of concept for CVE-2021-28476 ("Hyper-V Remote Code Execution Vulnerability"), an arbitrary memory read in vmswitch.sys (network virtualization service provider) patched by Microsoft in May 2021.
f030942316606ad6079ada92310ac838Proof of concept exploit for a path traversal vulnerability in Pallets Werkzeug version 0.15.4.
262f237db7999ab766781c5e99c59463PrintNightmare remote code execution proof of concept exploit for the Windows Spooler Service.
18a157d3de35ba9fba2bda057819d0adThis is the Impacket implementation of the PrintNightmare proof of concept originally created by Zhiniang Peng and Xuefeng Li that leverages a privilege escalation vulnerability in the Windows Print Spooler.
22a0e1a00b3142f5f762d0e3fa1470aaThis document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.
f480e11bbb87f0689d864f58c065154dKnFTP Server version 1.0.0 LIST denial of service proof of concept exploit.
a72acf4b3f794d9350cade34d6f0dfdbPCMan FTP Server version 2.0.7 USER denial of service proof of concept exploit.
17efc6e256a96524ee05c5544add1ecdmemono Notepad 4.2 denial of service proof of concept exploit.
02eea882c45475062dbace15b6daf8a6EasyFTP Server version 1.7.0.11 XRMD denial of service proof of concept exploit.
7f3bbe6bd85382a8eea6762baae721d3Proof of concept exploit for a remote code execution vulnerability in Microsoft's RDP service.
ba1bc2933bf6b851671dc70d3284245cExim versions prior to 4.90.1 remote buffer overflow proof of concept exploit.
6468b402efc15ca33e2db61638ca5cb9Cisco SD-WAN vManage version 19.2.2 remote root shell proof of concept exploit that leverages multiple vulnerabilities.
a4bd588c350b9a327fc445d03fadab85Proof of concept exploit for the OpenSLP heap overflow in VMware ESXi versions 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, and 6.5 before ESXi650-202102101-SG.
74b3fa0ce957d3e82fb4eb6c32a6c8f6DupTerminator version 1.4.5639.37199 denial of service proof of concept exploit.
055b8b8e2d4f5efb50ab336161341836Postbird version 0.8.4 suffers from cross site scripting, local file inclusion, and insecure data storage vulnerabilities. Included in this archive is a whitepaper and proof of concept exploit.
f60c4ad77076831e6c6210dffcd07d54The document in this archive illustrates using the included proof of concept exploit to achieve root on Ubuntu systems using a flaw in the OverlayFS file system. The exploit itself does not have author attribution as the proof of concept came through SSD Disclosures.
f594195ba35e11d203cb280d4aa0e967PHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor.
68b81a413521d514b1b67f8bde5a5138RarmaRadio version 2.72.8 denial of service proof of concept exploit.
e3972881c8a84c8b53c0c3119a4c0df4Proof of concept exploit for the HTTP protocol stack remote code execution vulnerability related to a use-after-free dereference in http.sys.
231a2e9926b68408725ba7d1ab0d8acdxscreensaver suffers from a raw socket leak vulnerability. Proof of concept exploit demonstrates running tcpdump via this issue.
48106b83c9aba927ebf03a5ccbadc196
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed