Shellcode Builder: Shell Factory

Shellcode Builder: Shell Factory Shell Factory is a framework for compiling shellcodes from a C++ source for multiple systems and architectures. It is composed of multiple parts: a Rakefile for compiling and linking against different compilers and architectures. the factory, a set of C++ headers ...

Windows/x86 - Executable Directory Search Shellcode (130 bytes)

Title: Windows x86 - Executable directory search Shellcode 130 bytes Date: 26-02-2017 Author: Krzysztof Przybylski Platform: Winx86 Tested on: WinXP SP1 Shellcode Size: 130 bytes / Description: write & exec dir searcher starts from C:\ If dir found then write, execute ping 127.1.1.1 and exit If...

Windows x86 - Executable Directory Search Shellcode (130 bytes)

Windows x86 - Executable Directory Search Shellcode 130 bytes. Shellcode exploit for Winx86 platform Title: Windows x86 - Executable directory search Shellcode 130 bytes Date: 26-02-2017 Author: Krzysztof Przybylski Platform: Winx86 Tested on: WinXP SP1 Shellcode Size: 130 bytes / Description:...

Integer overflow

Integer overflow in the stringappends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow...

CVE-2016-2226

Integer overflow in the stringappends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow...

CVE-2016-2226

Integer overflow in the stringappends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow...

CVE-2016-2226

Integer overflow in the stringappends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow...

Microsoft Office Word Malicious Macro Execution

This module injects a malicious macro into a Microsoft Office Word document docx. The comments field in the metadata is injected with a Base64 encoded payload, which will be decoded by the macro and execute as a Windows executable. For a successful attack, the victim is required to manually enabl...

Cisco AsyncOS Software for Cisco ESA Filtering Bypass Vulnerability

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...

CVE-2016-8354

An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...

UBUNTU-CVE-2015-8750

libdwarf 20151114 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and crash via a debugabbrev section marked NOBITS in an ELF file...

Microsoft Office Word Malicious Macro Execution Exploit

This Metasploit module generates a macro-enabled Microsoft Office Word document. The comments metadata in the data is injected with a Base64 encoded payload, which will be decoded by the macro and execute as a Windows executable. For a successful attack, the victim is required to manually enable...

SumatraPDF 3.1.2 DLL Hijacking

Hi @ll, the executable installer deg and the "portable" version of SumatraPDF 3.1.2 available from are vulnerable to DLL hijacking ': The executable installers SumatraPDF-3.1.2-install.exe and SumatraPDF-3.1.2-64-install.exe load and execute tested on a fully patched Windows 7 SP1 at least...

Microsoft Office Word Malicious Macro Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/zip' class MetasploitModule "Microsoft Office Word Malicious Macro Execution", 'Description' = %q This module generates a macro-enabled...

VMware Workstation Player Multiple Code Execution Vulnerabilities (Feb 2017) - Windows

VMware Workstation Player is prone to multiple code execution vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

UBUNTU-CVE-2016-2050

The getabbrevarrayinfo function in libdwarf-20151114 allows remote attackers to cause a denial of service out-of-bounds write via a crafted elf file...

GLSA-201701-69 : Ark: Unintended execution of scripts and executable files

The remote host is affected by the vulnerability described in GLSA-201701-69 Ark: Unintended execution of scripts and executable files A vulnerability was discovered in how Ark handles executable files while browsing a compressed archive. A user could unintentionally execute a malicious script...

Ark: Unintended execution of scripts and executable files

Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description A vulnerability was discovered in how Ark handles executable files while browsing a compressed archive. A user could unintentionally execute a malicious script which has the...

Foxit PDF Toolkit Detection (Windows SMB Login)

SMB login and WMI file search based detection of Foxit PDF Toolkit. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-5237

Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file...