Lucene search
K

23 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.257 views

Windows IIS HTTP Protocol Stack Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows IIS HTTP Protocol Stack DOS', 'Description' = %q This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafte...

9.8CVSS7.4AI score0.99657EPSS
Exploits24
GithubExploit
GithubExploit
added 2022/11/22 9:10 a.m.125 views

Exploit for Use After Free in Microsoft

Home-Demolisher PoC for CVE-2021-31166 and CVE-2022-21907...

10CVSS9.9AI score0.99657EPSS
Exploits40
VulnCheck KEV
VulnCheck KEV
added 2022/03/24 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-31166

Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution...

9.8CVSS7.6AI score0.99657EPSS
Exploits24References1
Metasploit
Metasploit
added 2022/03/17 5:52 p.m.514 views

Windows IIS HTTP Protocol Stack DOS

This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafted Accept-Encoding headers that was patched by Microsoft in May 2021, on vulnerable IIS servers. Successful exploitation will result in the target computer BSOD'ing before subsequently rebooting. Note that the...

9.8CVSS8.5AI score0.99657EPSS
Exploits24
GithubExploit
GithubExploit
added 2022/03/07 6:56 p.m.603 views

Exploit for Use After Free in Microsoft

CVE-2021-31166 Why I recently wrote an exploit for CVE-20...

9.8CVSS8.8AI score0.99657EPSS
Exploits24
GithubExploit
GithubExploit
added 2021/09/27 5:56 a.m.311 views

Exploit for Use After Free in Microsoft

PoC exploit for CVE-2021-31166, a Windows HTTP protocol stack re...

9.8CVSS9.1AI score0.99657EPSS
Exploits24
GithubExploit
GithubExploit
added 2021/07/03 2:54 p.m.116 views

Exploit for Use After Free in Microsoft

CVE-2021-31166-Exploit Exploit for MS Http Protocol Stack RCE...

9.8CVSS8.6AI score0.99657EPSS
Exploits24
ThreatPost
ThreatPost
added 2021/05/19 2:35 p.m.673 views

Windows PoC Exploit Released for Wormable RCE

A researcher has released a proof-of-concept PoC exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack http.sys that could lead to wormable remote code execution RCE. Microsoft discovered the flaw internally, releasing a patch in its May 11 Patch...

10CVSS9.2AI score0.99988EPSS
Exploits26References19
GithubExploit
GithubExploit
added 2021/05/19 7:50 a.m.65 views

Exploit for Use After Free in Microsoft

CVE-2021-31166 si...

9.8CVSS8.9AI score0.99657EPSS
Exploits24
Gitee
Gitee
added 2021/05/18 8:35 p.m.6 views

Exploit for Use After Free in Microsoft

CVE-2021-31166 is a remote code execution vulnerability in the HTTP protocol stack. It is a use-after-free dereference bug in the http!UlpParseContentCoding function. The bug occurs when the function appends items to a local list without nulling it out, leaving them dangling in the Request object...

9.8CVSS8.8AI score0.99657EPSS
Exploits24
GithubExploit
GithubExploit
added 2021/05/17 11:54 p.m.265 views

Exploit for Use After Free in Microsoft

CVE-2021-31166 Detection of attempts to exploit CVE-2021-31166...

9.8CVSS9.1AI score0.99657EPSS
Exploits24
GithubExploit
GithubExploit
added 2021/05/17 7:55 p.m.146 views

Exploit for Use After Free in Microsoft

CVE-2021-31166 Detection Rules Different rules to detect if CV...

9.8CVSS8.8AI score0.99657EPSS
Exploits24
GithubExploit
GithubExploit
added 2021/05/17 11:12 a.m.199 views

Exploit for Use After Free in Microsoft

CVE-2021-31166 0x00.Description This is a proof of concept...

9.8CVSS9AI score0.99657EPSS
Exploits24
GithubExploit
GithubExploit
added 2021/05/17 11:12 a.m.8 views

Exploit for Use After Free in Microsoft

CVE-2021-31166 0x00.Description This is a proof of concept...

9.8CVSS7.4AI score0.99657EPSS
Exploits24
Circl
Circl
added 2021/05/12 1:59 p.m.12 views

CVE-2021-31166

creationtimestamp| type| source ---|---|--- 2021-05-12 13:59:45+00:00| seen| https://t.me/thehackernews/1212 2021-05-15 14:00:18+00:00| seen| https://t.me/HackerOne/3005 2021-05-17 06:35:10+00:00| published-proof-of-concept| https://t.me/cKure/5378 2021-05-17 12:23:36+00:00|...

9.8CVSS7.4AI score0.99657EPSS
Exploits24References35
Malwarebytes
Malwarebytes
added 2021/05/12 12:46 p.m.423 views

Get patching! Wormable Windows flaw headlines Patch Tuesday

It looks like patching a wormable Remote Code Execution RCE bug in the HTTP stack of Windows 10 and Windows Server is likely to be top of most sysadmins todo lists after reading Mays Patch Tuesday updates. The monthly bug bonanza also features three other critical items among its 55 patches...

10CVSS10AI score0.99999EPSS
Exploits154
The Hacker News
The Hacker News
added 2021/05/12 9:15 a.m.127 views

Latest Microsoft Windows Updates Patch Dozens of Security Flaws

Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one ...

9.9CVSS9.1AI score0.99782EPSS
Exploits43
Check Point Advisories
Check Point Advisories
added 2021/05/12 12:0 a.m.17 views

Microsoft HTTP Protocol Stack Remote Code Execution (CVE-2021-31166)

A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS3.9AI score0.99657EPSS
Exploits24
Rapid7 Blog
Rapid7 Blog
added 2021/05/11 11:44 p.m.189 views

Patch Tuesday - May 2021

Here we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of the...

9.3CVSS0.5AI score0.99782EPSS
Exploits53
Krebs on Security
Krebs on Security
added 2021/05/11 8:28 p.m.96 views

Microsoft Patch Tuesday, May 2021 Edition

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. On deck this month are...

7.6CVSS0.7AI score0.99657EPSS
Exploits29
Rows per page
Query Builder