3386 matches found
Linux/x86 - Reverse TCP Alphanumeric Staged Shellcode (103 bytes)
Reverse TCP Staged Alphanumeric Shellcode Linux x86 Execve /bin/sh Author: Snir Levi, Applitects 103 Bytes date: 9.2.17 Automatic python shellcode handler with stage preset send will be ready soon: https://github.com/snir-levi/ReverseTCPAlphanumericStagedShellcodeExecve-bin-bash/ IP - 127.0.0.1...
Weak Diffie-Hellman Handshake Due To Truncated Secret Length
libssh2 is vulnerable to weak handshakes. The vulnerability happens because the diffie_hellman_sha256 function in kex.c in libssh2 generates a secret key of length 128 or 256 bits instead of 1023 or 2047 bits, allowing attackers to intercept or decrypt SSH sessions using a bits/bytes confusion bug...
Linux/x86_64 - execve /bin/sh Shellcode (22 bytes)
;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to deal in the Software without restriction, including without limitation ;the rights to use,...
ALPINE-CVE-2016-9380
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file...
CVE-2016-9380
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file...
Format string
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file...
UBUNTU-CVE-2016-9380
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file...
Linux/x86_64 - Bind 5600 TCP Port - Shellcode (87 bytes)
/ --------------------------------------------------------------------------------------------------- Linux/x86_64 - Bind 5600 TCP Port - shellcode - 87 bytes Ajith Kp http://fb.com/ajithkp560 http://www.terminalcoders.blogspot.com Om Asato Maa Sad-Gamaya | Tamaso Maa Jyotir-Gamaya | Mrtyor-Maa...
Linux/x86-64 - mkdir Shellcode (25 bytes)
/ --------------------------------------------------------------------------------------------------- Linux/x86x64 - mkdir"ajit", 755 - 25 bytes Ajith Kp http://fb.com/ajithkp560 http://www.terminalcoders.blogspot.com Vishnu Nath Kp http://www.terminalcoders.blogspot.com Sayooj S Nambiar...
Hostname Check Bypassing
pyOpenSSL is vulnerable to hostname check bypassing. This is because it does not properly handle hostnames in the certificate that contain null bytes. The string formatting of subjectAltName X509Extension instances incorrectly truncates fields of the name when encountering null bytes, allowing...
Windows/x64 - Password Protected Bind Shellcode (825 bytes)
/ Title : Windows x64 Password Protected Bind Shell TCP shellcode size : 825 bytes Author : Roziul Hasan Khan Shifat Tested On : Windows 7 x64 professional Date : 01-01-2017 / / file format pe-x86-64 Disassembly of section .text: 0000000000000000 : 0: 99 cltd 1: b2 80 mov $0x80,%dl 3: 48 29 d4 su...
Windows x64 - Password Protected Bind Shellcode (825 bytes)
Windows x64 - Password Protected Bind Shellcode 825 bytes. Shellcode exploit for Winx86-64 platform / Title : Windows x64 Password Protected Bind Shell TCP shellcode size : 825 bytes Author : Roziul Hasan Khan Shifat Tested On : Windows 7 x64 professional Date : 01-01-2017 / / file format pe-x86-...
Command injection
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing the 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes...
CVE-2015-8743
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes...
openssl: Crash in ssleay_rand_bytes due to locking regression
A regression was found in the ssleay_rand_bytes function in the versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7. This regression could cause a multi-threaded application to crash...
CVE-2016-4578
A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. These 8 bytes padding bytes are sent to user withou...
Windows x64 - Bind Shell TCP Shellcode (508 bytes)
Windows x64 - Bind Shell TCP Shellcode 508 bytes. Shellcode exploit for Winx86-64 platform / Title : Windows x64 Bind Shell TCP Shellcode size : 508 bytes Date : 08-12-2016 Author : Roziul Hasan Khan Shifat Tested On : Windows 7 Professional x64 / / section .text global start start: xor rdx,rdx m...
Citrix XenServer Multiple Vulnerabilities (CTX218775)
The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the sniff_netware function within file tools/pygrub/src/pygrub when handling string quotes and S-expressions in the bootloader whenev...
CVE-2016-8646
The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data...