Windows/x86 - bitsadmin Download and Execute Shellcode (210 Bytes)
; Windows/x86 - bitsadmin Download and Execute http://192.168.10.10/evil.exe c:\evil.exe Shellcode (210 Bytes) ; Shellcode Title : bitsadmin download and execute ; Shellcode Author : Joseph McDonagh ; Date June 26, 2019 ; Shellcode Length 210 ; However, if the application you are exploiting alrea...
Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode (70 bytes)
Title: Linux/x86_64 - Reverse (0.0.0.0:4444/TCP) Shell (/bin/sh) - Null Free Shellcode ; Author: Aron Mihaljevic ; Architecture: Linux x86_64 ; Shellcode Length: 70 bytes ; github = https://github.com/STARRBOY compilation and execution of assembly code ------------------------------------- nasm -felf64...
CVE-2019-7231
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that...
Hardcoded credentials
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...
Rejetto HTTP File Server Remote Code Execution (CVE-2014-6287)
A remote code execution vulnerability exists in Rejetto HTTP File Server. This vulnerability is due to a regular expression that fails to handle null bytes. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to a target server...
RUSTSEC-2019-0003 Out of Memory in stream::read_raw_bytes_into()
Affected versions of this crate called Vec::reserve on user-supplied input. This allows an attacker to cause an Out of Memory condition while calling the vulnerable method on untrusted data...
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
; Title: Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) ; Author: Aron Mihaljevic ; Architecture: Linux x86_64 ; Shellcode Length: 131 bytes ; github = https://github.com/STARRBOY ; test shellcode = after you run the shellcode, open another terminal and run "netcat -vv 0.0.0.0 4444" ================== ASSEMB...
PT-2019-6811 · Chicken +1
Name of the Vulnerable Software and Affected Versions: Chicken versions prior to 4.8.0 Description: The issue arises from improper handling of NUL bytes in certain strings, allowing an attacker to conduct a "poisoned NUL byte attack." Recommendations: For versions prior to 4.8.0, update to versio...
Linux/x86 - /sbin/iptables -F Shellcode (43 bytes)
Title: Linux/x86 - /sbin/iptables -F Shellcode (43 bytes) Author: Xavi Beltran Contact: email protected Webpage: https://xavibel.com Purpose: flush iptables rules Tested On: Ubuntu 3.5.0-17-generic Arch: x86 Size: 43 bytes iptables-flush.nasm global _start section .text _start: xor eax, eax push eax...
Vulnerability in core server (CVE-2019-10129)
Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table...
PostgreSQL -- Memory disclosure in partition routing
The PostgreSQL project reports: Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table...
Linux/x86 - shred file Shellcode (72 bytes)
Exploit Title: Linux/x86 shred file 72 bytes Google Dork: None Exploit Author: strider Vendor Homepage: None Software Link: None Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : None Shellcode Length: 72 ------------------------------Description--------------------------------- This...
Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)
Title: Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes) Author: Xavi Beltran Date: 05/05/2019 Contact: email protected Purpose: spawn /bin/sh shell Tested On: Ubuntu 3.5.0-17-generic Arch: x86 Size: 59 bytes sh.nasm global _start section .text _start: xor eax, eax pu...
Linux/x86 - Rabbit Shellcode Crypter (200 bytes)
Introduction Exploit Title: Rabbit Shellcode Crypter Date: 24.4.2019 Exploit Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Description: Crypter which encrypts, decrypts and executes given shellcode using Rabbit symmetric cipher Keep in mind before use 1. Max...
Linux/x86 - add user to passwd file Shellcode (149 bytes)
Exploit Title: Linux/x86 add user to passwd file shellcode 149 bytes Google Dork: None Date: 11.04.2019 Exploit Author: strider Vendor Homepage: None Software Link: None Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : None Shellcode Length: 149...
CVE-2019-6493
SmartDefragDriver.sys 2.0 in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool...
DEBIAN-CVE-2019-10896
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes...
CVE-2019-10896
Wireshark CVE-2019-10896 affects DOF dissector in versions 2.4.0–2.4.13, 2.6.0–2.6.7, and 3.0.0. The root cause is improper handling of generated IID and OID bytes in epan/dissectors/packet-dof.c, which could cause a crash. The vulnerability is addressed by the DOF dissector fix in that file. Rem...
EUVD-2019-2618
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes...