UBUNTU-CVE-2017-14643

The AP4HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4BytesToUInt32BE in Core/Ap4Utils.h...

CVE-2017-14156

The atyfbioctl function in drivers/video/fbdev/aty/atyfbbase.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes...

UBUNTU-CVE-2017-14156

The atyfbioctl function in drivers/video/fbdev/aty/atyfbbase.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes...

DEBIAN-CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

Bye Bye Password,1.0.4,Information Disclosure

Bye Bye Password by Ready Bytes, versions 1.0.4 and previous, Information Disclosure Also the installer includes a tracking script...

USN-3389-1 libgd2 vulnerability

A vulnerability was discovered in GD Graphics Library aka libgd, as used in PHP that does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read bytes from the top of the stack...

Linux x86 - /bin/sh Shellcode (24 bytes)

/ ;Title: Linux/x86 - /bin/sh Shellcode ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x86 ;Description: This shellcode baased on stack method to Execute "/bin//sh". Length of shellcode is 24 bytes. ;Tested on : 3.2.0-23-generic-pae...

Linux x86 - /bin/sh Shellcode (24 bytes)

Linux x86 - /bin/sh Shellcode 24 bytes. Shellcode exploit for Linx86 platform / ;Title: Linux/x86 - /bin/sh Shellcode ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x86 ;Description: This shellcode baased on stack method to Execute...

SQL Injection

zendframework/zendframework1 is vulnerable to SQL injection. The PDO adapters do not filter null bytes from SQL statements, allowing attackers to leverage this flaw to inject and execute SQL queries...

SQL Injection

Moodle is vulnerable to SQL injection attacks. The attacks exist because the application does not filter null bytes \0 characters in query strings, leading to SQL statements failing and causing error to the Microsoft SQL driver. This can allow a malicious user to inject and execute SQL queries...

Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes)

/ ;Category: Shellcode ;Title: GNU/Linux x8664 - Reverse Shell Shellcode ;Author: m4n3dw0lf ;Github: https://github.com/m4n3dw0lf ;Date: 18/07/2017 ;Architecture: Linux x8664 ;Tested on: 1 SMP Debian 4.9.18-1 2017-03-30 x8664 GNU/Linux Source section .text global start start: push rbp mov rbp,rsp...

Linux/x86 - Reverse TCP Shellcode (67 bytes)

/ Tiny Shell Reverse TCP Shellcode - C Language Linux/x86 Written in 2013 by Geyslan G. Bem, Hacking bits http://hackingbits.com email protected This source is licensed under the Creative Commons Attribution-ShareAlike 3.0 Brazil License. To view a copy of this license, visit...

Windows Kernel stack memory disclosure in nt!NtQueryInformationJobObject(CVE-2017-8479)

We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the 28 information class discloses portions of uninitialized kernel stack memory to user-mode clients. The specific name of the 28 information...

Linux/x86 - Bind Shell Shellcode (75 bytes)

/ Architecture : x86 OS : Linux Author : wetw0rk ID : SLAE-958 Shellcode Size : 75 bytes Bind Port : 4444 Description : A linux/x86 bind shell via /bin/sh. Created by analysing msfvenom; original payload was 78 bytes and contained 1 NULL. My shellcode is 75 and contains 0 NULLS ;. Original...

Linux/x86 - Bind Shell Shellcode (75 bytes)

Linux/x86 - Bind Shell Shellcode 75 bytes. Shellcode exploit for Linx86 platform / Architecture : x86 OS : Linux Author : wetw0rk ID : SLAE-958 Shellcode Size : 75 bytes Bind Port : 4444 Description : A linux/x86 bind shell via /bin/sh. Created by analysing msfvenom; original payload was 78 bytes...

CAVE MINER - Search for Code Cave in All Binaries (ELF, PE and Mach-o) and Inject Payload

This tools search for code cave in binaries Elf, Mach-o, Pe, and inject code in them. Features Find code caves in ELF, PE and Mach-o Use custom bytes for the search ex: 0xCC can be used as nullbytes on PE See virtual address of the code cave. See the permissions of the code caves. Search custom...

Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 28)' Kernel Stack Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1194 We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the 28 information class discloses portions of uninitialized kernel...

Microsoft Windows - 'nt!NtQueryInformationJobObject (BasicLimitInformation, ExtendedLimitInformation)' Kernel Stack Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1189&desc=2 We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the JobObjectExtendedLimitInformation information class disclos...

Microsoft Windows - 'win32k!NtGdiGetTextMetricsW' Kernel Stack Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1180 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 other systems untested through the win32k!NtGdiGetTextMetricsW system call. The output...

Linux/x86 - Reverse UDP Shellcode (668 bytes)

; SLAE-X ; thanks to writesup from previou students : ; assignment: 2. create a reverse shell ; originality: using UDP instead TCP ; usage : sudo ncat -lup 53 on the receiving end ; warning, this shellcode might contains null byte if you use certain ip / address %define htonsx x 8 & 0xFF | x & 0x...