188 matches found
EGESPLOIT - A Golang Library For Malware Development
EGESPLOIT is a Golang library for malware development; it has a few unique functions for Meterpreter integration. DOCUMENTATION CalculateChecksumx : Function calculates x digit 8 bit checksum for reverse HTTP/HTTPS meterpreter connections, returns the calculated checksum as string...
DWebPro 8.4.2 Remote Binary Execution / File Inclusion
Exploit Title: DWebPro 8.4.2 Remote Binary Execution Date: 01/10/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Author twitter: @tulpasecurity Vendor Homepage: http://www.dwebpro.com/ Software Link: http://www.dwebpro.com/download Version: 8.4....
MGASA-2016-0261 Updated sudo packages fix security vulnerability
A vulnerability in functionality for adding support of SHA-2 digests along with the command was found. The sudoers plugin performs this digest verification while matching rules, and later independently calls execve to execute the binary. This results in a race condition if the digest functionalit...
Row Hammer Privilege Escalation Vulnerability
On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3) synchronous dynamic random-access memory (SDRAM) to perform privilege escalation attacks on systems that contain the affected hardware. The flaw is known as Row Hammer. To attempt an attack,...
Ubisoft Uplay 5.0 - Insecure File Permissions Privilege Escalation
Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation Vendor: Ubisoft Entertainment S.A. Product web page: http://www.ubi.com Affected version: 5.0.0.3914 PC Summary: Uplay is a digital distribution, digital rights management, multiplayer and communications service created by...
CVE-2014-4457
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled...
Design/Logic Flaw
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled...
OpenBSD 2.x/3.x Local Malformed Binary Execution Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8978/info The OpenBSD team has fixed a vulnerability in the OpenBSD kernel when handling certain executables. It appears that the problem lies in the lack of specific sanity checks on binary header values. As a result, a...
Sysax FTP Automation Server 5.33 Local Privilege Escalation
No description provided by source. Title: Sysax FTP Automation Server Local Privilege Escalation Author: Craig Freyman @cd1zz OS Tested: XP SP3 32bit Version Tested: 5.33 Date Discovered: October 1, 2012 Vendor Contacted: October 21, 2012 Vendor Response: November 1, 2012 Demo:...
CVS Kit CVS Server 1.10.8 Checkin.prog Binary Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1524/info A CVS committer can execute arbitrary binaries by using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when the directory is checked out and it is sent back to the...
[ollydbg-binary-execution-visualizer] New Tool for Visualizing Binaries With Ollydbg and Graphvis
Sometimes crackmes or something you might be reversing will constantly bug you due to the excessive usage of F7 & F8. It would be quite neat if you could see how the application is executing visually and set your breakpoints accordingly. Requirements: o Ollyscript plugin o Bunch of your favorite...
CentOS Update for qemu-guest-agent CESA-2013:1100 centos6
Check for the Version of qemu-guest-agent OpenVAS Vulnerability Test CentOS Update for qemu-guest-agent CESA-2013:1100 centos6 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...
Oracle Linux 5 : Important:kernel (ELSA-2007-0940)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0940 advisory. 2.6.18-8.1.15.0.1.el5 - Fix bonding primary=ethX Bert Barbe IT 101532 ORA 5136660 - Add entropy module option to e1000/bnx2 John Sobecki ORA 6045759...
Sysax FTP Automation Server 5.33 - Local Privilege Escalation
Sysax FTP Automation Server 5.33 - Local Privilege Escalation Title: Sysax FTP Automation Server Local Privilege Escalation Author: Craig Freyman @cd1zz OS Tested: XP SP3 32bit Version Tested: 5.33 Date Discovered: October 1, 2012 Vendor Contacted: October 21, 2012 Vendor Response: November 1, 20...
Fedora Update for libpng10 FEDORA-2012-3536
Check for the Version of libpng10 OpenVAS Vulnerability Test Fedora Update for libpng10 FEDORA-2012-3536 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Samba smbmnt Local Privilege Escalation
According to its banner, the version of Samba running on the remote host is in the 2.x or 3.x branch. Such versions are shipped with a utility called 'smbmnt'. When smbmnt has the setuid 'root' bit set, a local user with access to the victim can mount a Samba share and then execute a setuid or...
Apple Safari Arbitrary Code Execution
CVE: CVE-2011-3230 Found By: Aaron Sigel of vtty.com There's not a ton to say about this bug aside from "Yikes"! I think the PoC speaks for itself. This allows you to send any "file:" url to LaunchServices, which will run binaries, launch applications, or open content in the default application,...
Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713)
This host is missing a critical security update according to Microsoft Bulletin MS10-007. OpenVAS Vulnerability Test $Id: secpodms10-007.nasl 5361 2017-02-20 11:57:13Z cfi $ Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability 975713 Authors: Veerendra GG Copyright:...
OS X Write and Execute Binary, Bind TCP Stager
Spawn a command shell staged. Listen for a connection This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework BindTcp ------- OSX bind TCP stager. module MetasploitModule CachedSize = 248 include Msf::Payload::Stager def...