Search results (Exploiter)

  1. Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth

     -----=====[ Background ]=====----- AFDKO (Adobe Font Development Kit for OpenType) is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font...

  2. Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes

     -----=====[ Background ]=====----- AFDKO (Adobe Font Development Kit for OpenType) is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling...

  3. EFS Easy Chat Server 3.1 - Remote Buffer Overflow (SEH)

     # Exploit Title: Easy Chat Server User Registration Buffer Overflow (SEH) # Date: 09/10/2017 # Software Link: http://echatserver.com/ecssetup.exe # Exploit Author: Aitezaz Mohsin # Vulnerable Version: v2.0 to v3.1 # Vulnerability Type...

  4. Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts

     -----=====[ Background ]=====----- The Microsoft Font Subsetting DLL (fontsub.dll) is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on...

  5. Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access

     /* For constructors, Spidermonkey implements a "definite property analysis" [1] to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the...

  6. VMware vSphere Data Protection 5.x/6.x - Java Deserialization

     #!/usr/bin/env python import socket import sys import ssl def getHeader(): return '\x4a\x52\x4d\x49\x00\x02\x4b' def payload(): cmd = sys.argv[4] cmdlen = len(cmd) data2 =...

  7. EFS Easy Chat Server 3.1 - Password Disclosure

     # Exploit Title: Easy Chat Server Remote Password Disclosure # Date: 09/10/2017 # Software Link: http://echatserver.com/ecssetup.exe # Exploit Author: Aitezaz Mohsin # Vulnerable Version: v2.0 to v3.1 # Vulnerability Type: Pre-Auth Remote Password...

  8. EFS Easy Chat Server 3.1 - Password Reset

     # Exploit Title: Easy Chat Server Remote Password Reset # Date: 09/10/2017 # Software Link: http://echatserver.com/ecssetup.exe # Exploit Author: Aitezaz Mohsin # Vulnerable Version: v2.0 to v3.1 # Vulnerability Type: Pre-Auth Remote Password Reset #...

  9. Artifex MuPDF mujstest 1.10a - Null Pointer Dereference

     Source: http://seclists.org/oss-sec/2017/q1/458 Description: Mujstest, which is part of mupdf, is a scriptable tester for mupdf + js. A crafted image posted earlier for another issue causes a stack overflow. The complete ASan output: #...

  10. VMware Workstation 12 Pro - Denial of Service

     /* * Title: NULL pointer dereference vulnerability in vstor2 driver (VMware Workstation Pro/Player) * CVE: 2017-4916 (VMSA-2017-0009) * Author: Borja Merino (@BorjaMerino) * Date: May 18, 2017 * Tested on: Windows 10 Pro and Windows 7 Pro...

  11. Linux Kernel - 'ping' Local Denial of Service

     // Source: https://raw.githubusercontent.com/danieljiang0415/android_kernel_crash_poc/master/panic.c #include <stdio.h> #include <sys/socket.h> #include <arpa/inet.h> #include <stdlib.h> static int sockfd = 0; static struct sockaddr_in addr = {0}...

  12. Linux Kernel < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service

     /* Source: https://bugzilla.novell.com/show_bug.cgi?id=1034862 QA REPRODUCER: gcc -O2 -o CVE-2017-7472 CVE-2017-7472.c -lkeyutils ./CVE-2017-7472 (will run the kernel out of memory) */ #include <sys/types.h>...

  13. PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption

     Source: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html summary: Vulnerability: integer overflow permits memory overwrite by forwarded ssh-agent connections class: vulnerability...

  14. Artifex MuPDF - Null Pointer Dereference

     Source: https://bugs.ghostscript.com/show_bug.cgi?id=697500 POC to trigger null pointer dereference (mutool) After some fuzz testing I found a crashing test case. Git HEAD: 8eea208e099614487e4bd7cc0d67d91489dae642 To reproduce: mutool convert -F cbz...

  15. WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting

     DefenseCode WebScanner DAST Advisory WordPress Tribulant Newsletters Plugin Multiple Security Vulnerabilities Advisory ID: DC-2017-01-012 Advisory Title: WordPress Tribulant...

  16. DC/OS Marathon UI - Docker (Metasploit)

     ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient...

  17. Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting

     [+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-PERSISTENT-XSS.txt [+] ISR: ApparitionSec Vendor...

  18. Wireshark 2.2.6 - IPv6 Dissector Denial of Service

     Build Information: TShark (Wireshark) 2.3.0 (v2.3.0rc0-3369-g2e2ba64b72) Copyright 1998-2017 Gerald Combs and contributors. License GPLv2+: GNU GPL version 2 or later...

  19. Wireshark 2.2.0 < 2.2.12 - ROS Dissector Denial of Service

     Source: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637 Build Information: TShark (Wireshark) 2.3.0 (v2.3.0rc0-3235-gd97ce76161) Copyright 1998-2017 Gerald Combs and contributors. License GPLv2+: GNU...

  20. Home Web Server 1.9.1 (build 164) - Remote Code Execution

     # Exploit Title: Home Web Server 1.9.1 build 164 - CGI Remote Code Execution # Date: 26/05/2017 # Exploit Author: Guillaume Kaddouch # Twitter: @gkweb76 # Blog: https://networkfilter.blogspot.com # GitHub...

  21. LibreNMS 1.46 - 'addhost' Remote Code Execution

     #!/usr/bin/python ''' # Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution # Date: 24/12/2018 # Exploit Author: Askar (@mohammadaskar2) # CVE : CVE-2018-20434 # Vendor Homepage: https://www.librenms.org/ # Version: v1.46 # Tested...

  22. Subsonic 6.1.1 - XML External Entity Injection

     [+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-XML-EXTERNAL-ENITITY.txt [+] ISR: ApparitionSec Vendor: ================...

  23. Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion

     The following program (found through fuzzing and manually modified) crashes Spidermonkey built from the current beta channel and Firefox 66.0.3 (current stable): // Run with --no-threads for increased reliability...

  24. Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)

     ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...

  25. DNSTracer 1.8.1 - Buffer Overflow (PoC)

     ################ #Exploit Title: DNSTracer Stack-based Buffer Overflow #CVE: CVE-2017-9430 #CWE: CWE-119 #Exploit Author: Hosein Askari (FarazPajohan) #Vendor HomePage: http://www.mavetju.org #Version : 1.8.1 #Tested on: Parrot OS #Date: 04-06-2017...