95 matches found
Apple MacOS 32-Bit Syscall Exit Kernel Register Leak (CVE-2017-2509)
The XNU kernel, when compiled for an x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to userspace, unix_syscall in bsd/dev/i386/systemcalls.c calls thread_exception_return in osfmk/x86_64/locore.s, which in turn...
Apple macOS - 32-bit syscall exit Kernel Register Leak Exploit
Exploit for macOS platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 The XNU kernel, when compiled for an x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to...
Default Password 'meinsm' for 'Administrator' Account
The account 'Administrator' on the remote host has the default password 'meinsm'. A remote attacker can exploit this issue to gain administrative access to the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "Administrator"; password = "meinsm";...
Vulnerability in OpenSSL - EVP_EncryptUpdate overflow
An overflow can occur in the EVP_EncryptUpdate function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate with a partial block then a length check can overflow resulting in a heap corruption. Following an analysis of all OpenSSL internal...
SSH User Code Execution Vulnerability
This Metasploit module utilizes a stager to upload a base64 encoded binary which is then decoded, chmod'ed and executed from the command shell. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for mo...
SSH User Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'net/ssh' class Metasploit3 'SSH User Code...
CentOS Update for wireshark CESA-2013:0125 centos5
Check for the Version of wireshark OpenVAS Vulnerability Test CentOS Update for wireshark CESA-2013:0125 centos5 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
ruby -- $SAFE escaping vulnerability about Exception#to_s/NameError#to_s
The official ruby site reports: Vulnerabilities found for Exception#to_s, NameError#to_s, and name_err_mesg_to_s() which is Ruby interpreter-internal API. A malicious user code can bypass $SAFE check by utilizing one of those security holes. Ruby's $SAFE mechanism enables untrusted user codes to run in $SA...
Microsoft Windows - (Authenticated) User Code Execution (Metasploit)
$Id: psexec.rb 11204 2010-12-02 17:29:26Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ =begin...
Default Password (testpass123) for 'root' Account
The account 'root' on the remote host has the password 'testpass123'. An attacker may leverage this to gain total control of the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "root"; password = "testpass123"; include'deprecatednasllevel.inc'; include'compat.inc';...
Default Password (dottie) for 'root' Account
The account 'root' has the password 'dottie'. An attacker may use this to gain further privileges on this system %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "root"; password = "dottie"; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid31800;...
chernobiLe Portal 1.0 - 'default.asp' SQL Injection
Title : chernobiLe Portal 1.0 default.asp Remote SQL Injection Vulnerability Author : ajann Contact : : $$ : Not Free,Private Info : / I had politely warned you about not adding Turkish scripts, and you smugly said okay. But you are still opening threads with these reports' titles on some sites as if you had found something. Urastigin...
CVE-2004-2372
Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed...
GLSA-200409-05 : Gallery: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-200409-05 Gallery: Arbitrary command execution The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file...
CVE-2001-0691
Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations...