DiskBoss Enterprise 7.5.12 - 'POST' Remote Buffer Overflow (SEH)

!/usr/bin/python Exploit Title: DiskBoss Enterprise 7.5.12 SEH + Egghunter Buffer Overflow Date: 10-01-2017 Exploit Author: Wyndell Bibera Software Link: http://www.diskboss.com/setups/diskbossentsetupv7.5.12.exe Version: 7.5.12 Tested on: Windows XP Professional SP3 import socket ip =...

Windows/x64 - Bind Shell TCP Shellcode (508 bytes)

/ Title : Windows x64 Bind Shell TCP Shellcode size : 508 bytes Date : 08-12-2016 Author : Roziul Hasan Khan Shifat Tested On : Windows 7 Professional x64 / / section .text global start start: xor rdx,rdx mov rax,gs:rdx+0x60 mov rsi,rax+0x18 mov rsi,rsi+0x10 lodsq mov rsi,rax mov r14,rsi+0x30...

UBUNTU-CVE-2016-8646

The hashaccept function in crypto/algifhash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service OOPS by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data...

Disk Savvy Enterprise 9.1.14 Buffer Overflow

!/usr/bin/python print "Disk Savvy Enterprise 9.1.14 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM You do not need to be authenticated, password below is...

International Components for Unicode/C++ Denial of Service Vulnerability

International Components for Unicode ICU is a set of libraries for the C/C++ and Java programming languages to manipulate Unicode data, and an open source project to support the internationalization of software. The 'ulocacceptLanguageFromHTTP' function in the common/uloc.cpp file of Internationa...

PHP locale_accept_from_http Denial of Service Vulnerability

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. The ext/intl/locale/localemethods.c/localeacceptfromhttp function in versions prior to PHP 5.5.38, 5.6.x prior to 5.6.24, and 7.x prior to 7.0.9 does not...

ALPINE-CVE-2016-6293

The ulocacceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode ICU through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service out-of-bounds read or...

Internet Bug Bounty: locale_accept_from_http out-of-bounds access

Bug https://bugs.php.net/bug.php?id=72533 Reported to PHP 2016-07-03 04:03 UTC Patch: 2016-07-19 08:55 UTC http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 Fixed for PHP 5.5 security only mode, PHP 5.6, PHP 7.0 http://php.net/ChangeLog-5.php...

Linux/x86 - Bind Shell Port 4444/TCP Shellcode (98 bytes)

/ Linux x86 TCP Bind Shell Port 4444 98 bytes Author: sajith Tested on: i686 GNU/Linux Shellcode Length: 98 SLAE - 750 ------------c prog ---poc by sajith shetty---------- include include include include include int mainvoid int sockfiledes, clientfd; struct sockaddrin sockad; //1we need to creat...

Radancy: Application error message

Attack details HTTP Header input X-Forwarded-For was set to 12345'"'";|%00%0d%0a%bf%27'??? Error message found: Warning: inetpton function.inet-pton: Unrecognized address 12345'"\'\";|%00%0d%0a%00%bf%27' in...

kernel: SCTP denial of service during timeout

A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctpaccept during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a deni...

Linux ARM Big Endian Command Shell, Bind TCP Inline

Listen for a connection and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 118 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def...

pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)

The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...

pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)

The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...

Regular Expression Denial of Service

Overview Affected versions of negotiator are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted Accept-Language header value. Recommendation Update to version 0.6.1 or later. References GitHub Advisory...

kernel: SCTP denial of service during timeout

A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctpaccept during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a deni...

Linux/x86-64 - Bind 1472/TCP Shellcode (IPv6) (199 bytes)

/ Title : Linux x8664 bind tcp : port 1472 ipv6 Date : 02/05/2016 Author : Roziul Hasan Khan Shifat Tested On : Ubuntu 14.04 LTS x8664 Contact : email protected / / section .text global start start: ;;socket xor rax,rax push 6 push 0x1 push 10 pop rdi pop rsi pop rdx mov al,41 ;socket syscall...

PCRE and PCRE2 'compile_branch' function denial of service vulnerability

PCRE is an open source regular expression library written in C. PCRE2 is an API for modifying PCRE. The 'compilebranch' function of PCRE and PCRE2 failed to properly handle regular expressions containing 'ACCEPT' substrings and nested parentheses. A remote attacker submitting a specially crafted...

ALPINE-CVE-2016-3191

The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...

DEBIAN-CVE-2016-3191

The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...