14 matches found
A macro perspective on Office vulnerabilities, 2010-2018 - vulnerability warning - the black bar safety net
This article is an extended summary of my presentation at Bluehat Shanghai 2019. In this article, I will summarize the Office-related 0day/1day vulnerabilities from 2010 to 2018. I will go through each type of vulnerability once, and for each vulnerability related to the analysis of t...
Linux Kernel < 4.15.4 - show_floppy KASLR Address Leak Exploit
Exploit for linux platform in category local exploits include include include include include include include include include include static int driveselectorint head return head 2; void fdrecalibrateint fd struct floppyrawcmd rawcmd; int tmp; rawcmd.flags = FDRAWINTR; rawcmd.cmdcount = 2; // set...
Metasploit Example Exploit
This exploit module illustrates how a vulnerability could be exploited in a TCP server that has a parsing bug. This is an example Metasploit module to be used for exploit development. This module requires Metasploit: http://metasploit.com/download Current source:...
Microsoft Power Point 2016 - Java Code Execution Exploit
Exploit for windows platform in category local exploits Exploit Title: Microsoft Power Point Java Payload Code Execution Exploit Author: Fady Mohamed Osman @fadyosman Demo Video : https://www.youtube.com/watch?v=DOJSUJK7hRo Video Tutorial : https://www.youtube.com/watch?v=Lih-iuXgEM Youtube...
Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (2)
Exploit for windows platform in category dos / poc. Source: http://blog.skylined.nl/20161208001.html Synopsis: A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. I did not investigate this vulnerability thoroughly, so I cannot speculate ...
Apple Mac OSX - IOBluetoothHCIPacketLogUserClient Memory Corruption
Exploit for macOS platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=572 The OS data types OSArray etc are explicitly not thread safe; they rely on their callers to implement the required locking to serialize all accesses and manipulations ...
Newtontree IT Services - Authentication Bypass Vulnerability
Newtontree IT Services suffers from a remote SQL injection vulnerability that allows for authentication bypass. Newtontree IT Services - Authentication Bypass Vulnerability =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact :...
CVE-2013-5065 Microsoft NDProxy.sys Privilege Escalation
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Xp recently broke a local kernel...
WordPress wptouch plugin SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress wptouch plugin SQL Injection Vulnerability Date: 2011-27-10 Author: longrifle0x software: Wordpress Tools: SQLMAP --------------- POST data --------------- http://www.site.com/wp-content/plugins/wptouch/ajax.php Exploi...
MediaMonkey Player Local Denial of Service (DoS)
Exploit for unknown platform in category dos / poc ================================================ MediaMonkey Player Local Denial of Service DoS ================================================ Download : http://download.cnet.com/MediaMonkey-Standard/3000-21414-10109807.html Author: Red-D3v1L...
Huawei MT882 Modem/Router Multiple Vulnerabilities
Exploit for unknown platform in category web applications ================================================== Huawei MT882 Modem/Router Multiple Vulnerabilities ================================================== Version: V100R002B020 ARG-T Firmware Release: 3.7.9.98 Target device ip 10.0.0.2:80...
Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64)
Exploit for linux platform in category local exploits ============================================================== Linux Kernel 2.6.19 udpsendmsg Local Root Exploit x86/x64 ============================================================== / second verse, same as the first CVE-2009-2698 udpsendmsg,...
SGI IRIX <= 6.5.28 (runpriv) Design Error Vulnerability
Exploit for irix platform in category local exploits ======================================================= SGI IRIX /etc/passwd'" su r00t -c "chown root:sys /tmp/passwd123 ; mv /tmp/passwd123 /etc/passwd ; chmod 644 /etc/passwd ; su" 0day.today 2018-01-02...
Willing Webcam 2.8 Licence Info Disclosure Local Exploit
Exploit for unknown platform in category local exploits ======================================================== Willing Webcam 2.8 Licence Info Disclosure Local Exploit ======================================================== / Willing Webcam 2.8 licence info disclosure local exploit by Kozan...