3386 matches found
Microsoft Windows - 'IOCTL_MOUNTMGR_QUERY_POINTS' Kernel Mountmgr Pool Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1150&desc=2 We have discovered that the handler of the IOCTL_MOUNTMGR_QUERY_POINTS IOCTL in mountmgr.sys discloses portions of uninitialized pool memory to user-mode clients, due to output structure alignment holes. On our test...
GNU Binutils 'objdump.c' Remote Denial of Service Vulnerability
GNU Binutils (a.k.a. GNU Binary Utilities or binutils) is a set of programming language utility programs developed by the GNU Project to work with target files in a variety of formats, with connectors, assemblers, and other tools for target files and archives. A security vulnerability exists in the...
UBUNTU-CVE-2017-9746
The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during...
DEBIAN-CVE-2017-9746
The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during...
Linux/x86_64 - execve("/bin/sh") Shellcode (24 bytes)
Linux/x86_64 - execve("/bin/sh") Shellcode (24 bytes). Shellcode exploit for Lin_x86-64 platform. ;Category: Shellcode ;Title: GNU/Linux x86_64 - execve /bin/sh ;Author: m4n3dw0lf ;Github: https://github.com/m4n3dw0lf ;Date: 14/06/2017 ;Architecture: Linux x86_64 ;Tested on : 1 SMP Debian 4.9.18-1...
Linux/x86-64 - /bin/sh Shellcode (31 bytes)
;Title: Linux/x86-64 - /bin/sh Shellcode ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x86_64 ;Description: This shellcode is based on the "JMP CALL POP" method to execute "/bin//sh". Length of shellcode is 31 bytes. ;Tested on : 1 SMP...
The vulnerability of the xdr_bytes and xdr_string functions in the library that handles system calls and core glibc functions allows an attacker to cause a service failure.
The vulnerabilities of the xdr_bytes and xdr_string functions in the library that handles system calls and core glibc functions are related to the reclamation of unreliable data stored in memory after deserialization of buffers. Exploiting these vulnerabilities allows a remote attacker to cause a...
CVE-2017-9024
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor SCA 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname...
Directory traversal
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor SCA 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname...
CVE-2017-9024
CVE-2017-9024 describes a directory traversal vulnerability in Secure Bytes’ Secure Auditor / Cisco Configuration Manager bundled with Secure Auditor (SCA) 3.0. The issue resides in the TFTP Server and allows an attacker to read arbitrary files by using ../ sequences in a pathname. This vulnerabi...
Secure Auditor 3.0 - Directory Traversal
Credits: John Page aka HYP3RLINX. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt. ISR: ApparitionSec. Vendor: www.secure-bytes.com. Product: Secure Auditor - v3.0 Secure...
BSA-2017-293
Security Advisory ID: BSA-2017-293. Component: NTP. Revision: 1.0: Interim. The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. Affected Products: Brocade is investigating i...
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86 setuid-disable-aslr.c by @abatchy17 - abatchy.com Shellcode size: 80 bytes SLAE-885 section .text global _start _start: ; setruid(0,0) ; xor ecx,ecx mov ebx,ecx push 0x46 pop eax int 0x80 ; open("/proc/sys/kernel/randomize_va_spaceX", O_RDWR) ; xor eax,eax ; EAX = 0 jmp aslrfile shellcode:...
GNU C Library 'xdr_bytes' and 'xdr_string' Function Denial of Service Vulnerability
The GNU C Library (a.k.a. glibc, libc6) is an open-source, free C language compiler released under the LGPL license. A denial of service vulnerability exists in the 'xdr_bytes' and 'xdr_string' functions in GNU C Library version 2.25, which stems from the program failing to properly handle buffer...
Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)
BITS 64 ; reverse ip6 tcp shell ; size = 113 bytes depends on ip addr, default is ::1 ; nullbytes free depends only on ip addr, ; you could always and the ip add to remove ; the nulls like i did with the port ; it sleeps and then tries to reconnect default 3 seconds ; ;shell =...
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86 - Disable ASLR Shellcode (80 bytes). Shellcode exploit for Lin_x86 platform. Linux/x86 setuid-disable-aslr.c by @abatchy17 - abatchy.com Shellcode size: 80 bytes SLAE-885 section .text global _start _start: ; setruid(0,0) ; xor ecx,ecx mov ebx,ecx push 0x46 pop eax int 0x80 ; ;...
PT-2017-2115 · Gnu +2 · Glibc +2
Name of the Vulnerable Software and Affected Versions: glibc versions 2.25. Description: The issue is related to the xdr_bytes and xdr_string functions in the GNU C Library, which mishandle failures of buffer deserialization. This can be exploited by a remote attacker using a specially crafted UDP...
Microsoft Windows 2003 SP2 - ERRATICGOPHER SMB Remote Code Execution
Microsoft Windows 2003 SP2 - ERRATICGOPHER SMB Remote Code Execution. #!/usr/bin/env python # -*- coding: utf-8 -*- # By Victor Portal (vportal) for educational purpose only # This exploit is the python version of the ErraticGopher exploit probably with some modifications. ErraticGopher exploits a memory...