Linux/x64 - XANAX Encoder Shellcode (127 bytes)

Linux/x64 - XANAX Encoder Shellcode 127 bytes ; Date: 08/04/2019 ; XANAX Encoder ; Author: Alan Vivona ; Description: Uses xor-add-not-add-xor sequence with a 4 byte key and writes the encoded version to stdout ; Tested on: x86-x64 GNU/Linux global start segment .data keys.xor1 equ 0x29 keys.add1...

UBUNTU-CVE-2019-10896

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes...

A Go implementation of Poly1305 that makes sense

Poly1305 is a Message Authentication Code--a cryptographic primitive for authenticating a message with a shared secret key, like HMAC. Although its really a fraction of the complexity of e.g. elliptic curves, most of the implementations Ive read look decidedly like magic, mysteriously multiplying...

Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)

/ ; Date: 09/03/2019 ; PolymorphicExecveShStack.asm ; Author: Daniele Votta ; Description: This program invoke a Polimorphic version of excve. Original ExecveShStack: file format elf32-i386 Disassembly of section .text: 08048080 : 8048080: 31 c0 xor eax,eax 8048082: 50 push eax 8048083: 68 2f 2f ...

CVE-2019-8981

tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the needbytes value is mismanaged...

NetSetMan 4.7.1 Buffer Overflow

Exploit Title: NetSetMan 4.7.1 - Local Buffer Overflow SEH Unicode Exploit Author: Devin Casadey Discovery Date: 2019-03-11 Vendor Homepage: https://www.netsetman.com/ Software Link: https://www.netsetman.com/netsetman.exe Tested Version: 4.7.1 Tested on: Windows XP SP3...

FreeBSD : OpenSSL -- ChaCha20-Poly1305 nonce vulnerability (e56f2f7c-410e-11e9-b95c-b499baebfeaf)

The OpenSSL project reports : Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length...

OpenSSL -- ChaCha20-Poly1305 nonce vulnerability

The OpenSSL project reports: Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length a...

CVE-2018-11864

Bytes can be written to fuses from Secure region which can be read later by HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...

macOS 127.0.0.1:4444 Reverse Shell Shellcode (103 bytes)

/ Title: macOS - Reverse 127.0.0.1:4444/TCP Shell /bin/sh + Null-Free Shellcode 103 bytes Tested: macOS 10.14.1 Author: Ken Kitahara Compilation: gcc -o loader loader.c dev:works devuser$ swvers ProductName: Mac OS X ProductVersion: 10.14.1 BuildVersion: 18B75 dev:works devuser$ cat ipv4rev.s...

Linux/x86 exit(0) Shellcode (5 bytes)

/ Exit.asm Author: Daniele Votta Description: Exit with no nulls. Tested on: i686 GNU/Linux Shellcode Length: 5 / include include / Disassembly of section .text: 00000000 : 0: 31 c0 xor eax,eax 2: 40 inc eax 3: cd 80 int 0x80 ======================= POC Daniele Votta ======================= /...

PHP 5.6.x < 5.6.9 Multiple Vulnerabilities

According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities : - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\0'...

CVE-2019-5005

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service application crash via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption...

radare2 'core_anal_bytes' function heap buffer overflow vulnerability

radare2 is a set of libraries and tools for working with binary files. A heap buffer overflow vulnerability exists in the 'coreanalbytes' function of the libr/core/cmdanal.c file in radare2 versions prior to 3.1.1. An attacker can exploit this vulnerability to cause a denial of service applicatio...

Linux/x86 - Kill All Processes Shellcode (14 bytes)

Exploit Title: Linux/x86 - Kill All Processes Shellcode 14 bytes Exploit Author: strider Vendor Homepage: None Software Link: None Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : None Shellcode Length: 14 Description: Linux/x86 kill 9 -1 14 bytes...

PT-2023-15457 · Unknown +1 · Gpac Mp4Box +1

Name of the Vulnerable Software and Affected Versions: GPAC MP4Box version 2.1-DEV-rev649-ga8f438d20 Description: The issue is related to a Buffer Overflow that occurs via the media tools/av parsers.c file, specifically at line 4988 in the gf media nalu add emulation bytes function. This can...

Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)

/ Linux/x86-execve/usr/bin/ncat -lvp 1337 -e/bin/bash+NULL-FREE Shellcode95 bytes Author : T3jv1l Contact: email protected Twitter:https://twitter.com/T3jv1l Shellcode len : 119 bytes Compilation: gcc shellcode.c -o shellcode Compilation for x64 : gcc -m32 shellcode.c -o shellcode Tested On: Ubun...

Information Disclosure

Apache Tomcat HTTP/1.1 connector is vulnerable to information disclosure. A lack of validation in the URL allows remote attackers to inject NULL bytes and retrieve confidential information through reading of JSP source files when allowLinking is configured...

Windows/x86 - Messagebox Shellcode 358 bytes

// Exploit Title : win32 Messagebox shellcode 358 bytes // Exploit Author : Febriyanto Nugroho email protected // Tested on : Windows 7 x86 Ultimate include include char shellcode= "\x31\xdb\xb3\x30\x29\xdc\x64\x8b\x03\x8b\x40\x0c\x8b" "\x58\x1c\x8b\x1b\x8b\x1b\x8b\x73\x08\x89\xf7\x89\x3c"...

kernel: Information leak when handling NM entries containing NUL

A vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation i.e. the directory entry name being encoded by a bunch of NM entries. The process stops when the...