8491 matches found
Solaris 10 1/13 (SPARC) - (dtprintinfo) Local Privilege Escalation Exploit (1)
Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintcheckdirsparc.c - Solaris/SPARC FMT PoC Copyright c 2020 Marc...
Solaris 10 1/13 (Intel) - (dtprintinfo) Local Privilege Escalation Exploit(3)
Exploit Title: Solaris 10 1/13 Intel - 'dtprintinfo' Local Privilege Escalation 3 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 Intel / raptordtprintcheckdirintel2.c - Solaris/Intel FMT LPE Copyright c 2020...
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation 2 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintcheckdirsparc2.c - Solaris/SPARC FMT LPE...
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Exploit Title: Solaris 10 1/13 Intel - 'dtprintinfo' Local Privilege Escalation 3 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 Intel / raptordtprintcheckdirintel2.c - Solaris/Intel FMT LPE...
CTF-All-In-One
This is a comprehensive book on CTF Capture The Flag competitions, specifically focusing on the Pwn binary exploitation aspect. The book is written by Yang Chaofei, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...
CTF-All-In-One
This is a book about CTF Capture The Flag competitions, specifically the Pwn binary exploitation module. The book is written by Yang Cheng, a member of L-Team, and is aimed at beginners. It covers the basics of binary security, including x86/x64 platforms, Linux systems, and the basics of exploit...
FortiWeb Format String Vulnerability
FortiWeb is a Web Application Firewall WAF that protects hosted web applications from attacks targeting known and unknown vulnerabilities. A format string vulnerability exists in FortiWeb 6.3.0 - 6.3.5. A remote attacker can exploit this vulnerability to read the contents of memory and retrieve...
CVE-2020-29018
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter...
CVE-2020-29018
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter...
Format string
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter...
CVE-2020-29018
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter...
CVE-2020-29018
FortiWeb (versions 6.3.0–6.3.5) is affected by CVE-2020-29018 due to a format string vulnerability in the redir parameter. An authenticated, remote attacker could read memory and exfiltrate sensitive data. The available connected documents confirm the affected product family and the root cause (f...
CVE-2020-29018
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter...
Fortinet FortiWeb 格式化字符串错误漏洞
FortiWeb is a Web Application Firewall WAF that protects hosted web applications from attacks targeting known and unknown vulnerabilities. A format string vulnerability exists in FortiWeb 6.3.0 - 6.3.5. A remote attacker can exploit this vulnerability to read the contents of memory and retrieve...
FortiWeb is vulnerable to a Format string vulnerability
A format string vulnerability in FortiWeb may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter...
Pivotal RabbitMQ 3.7.x < 3.7.21 / 3.8.x < 3.8.1 Denial of Service
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The 'X-Reason' HTTP Header can be...
pwntools
This repository is an offensive tool for binary exploitation. The primary vulnerability targeted by this tool is not explicitly stated in the provided context, but the tool is designed for binary exploitation, which suggests that it may be targeting a vulnerability that allows for code execution ...
(0Day) D-Link DCS-960L HNAP Cookie Format String Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-960L Wi-Fi cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie request header. The issue results fro...
(0Day) D-Link DCS-960L HNAP Login Cookie Format String Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-960L Wi-Fi cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of login action requests. The issue results from th...
CVE-2020-27523
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screenkey, displayname, browsername, and operationsystem parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of...