CVE-2016-8646

The hashaccept function in crypto/algifhash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service OOPS by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data...

Windows/x64 - Reverse Shell TCP Shellcode (694 bytes)

/ Title : Windows x64 Reverse Shell TCP shellcode size : 694 bytes Author: Roziul Hasan Khan Shifat Date : 10-11-2016 Tested on : Windows 7 x64 Professional Email : email protected / / Disassembly of section .text: 0000000000000000 : 0: 48 31 d2 xor %rdx,%rdx 3: 65 48 8b 42 60 mov %gs:0x60%rdx,%r...

Windows x64 - Reverse Shell TCP Shellcode (694 bytes)

Windows x64 - Reverse Shell TCP Shellcode 694 bytes. Shellcode exploit for Winx86-64 platform / Title : Windows x64 Reverse Shell TCP shellcode size : 694 bytes Author: Roziul Hasan Khan Shifat Date : 10-11-2016 Tested on : Windows 7 x64 Professional Email : [email protected] / / Disassembly of...

tomcat: Usage of vulnerable FileUpload package can result in denial of service

A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer 4096 bytes used to read the uploaded file if the boundary was the typical tens of bytes long...

php: openssl_random_pseudo_bytes() is not cryptographically secure

The opensslrandompseudobytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RANDpseudobytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified...

UBUNTU-CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digestsize...

libgcrypt: PRNG output is predictable

A design flaw was found in the libgcrypt PRNG Pseudo-Random Number Generator. An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes...

WhatsApp Web Username Bypass Vulnerability

Exploit for tricks platform in category remote exploits Title: Web WhatsApp Username Bypass Date: 31.10.2016 Author: Glumi Software Link: https://web.whatsapp.com/ Why this works: Web WhatsApp is filtering null bytes for all username inputs but this can be bypassed by using the"NOP"-character 0x9...

kernel: Information leak in events in timer.c

A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. These 8 bytes padding bytes are sent to user withou...

Telegram Web 0.5.5 Username Bypass

Exploit Title: Telegram Web Empty Username Bypass Date: 18/10/2016 Author: Ashiyane Digital Security Team Software Link: https://web.telegram.org version : Telegram Web 0.5.5 Tested on: Windows 7 Description: Telegram filters null bytes for username input but you can bypass this filter with "NOP"...

Windows x86 - Keylogger Reverse UDP Shellcode (493 bytes)

Windows x86 - Keylogger Reverse UDP Shellcode 493 bytes. Shellcode exploit for Winx86 platform ; Exploit Title: x86 windows shellcode - keylogger reverse udp - 493 bytes ; Date: Fri Oct 13 12:58:35 GMT 2016 ; Exploit Author: Fugu ; Vendor Homepage: www.microsoft.com ; Version: all win ; Tested on...

Windows/x64 - WinExec() Shellcode (93 bytes)

/ Title : Windows x64 WinExec shellcode Date : 15-10-2016 Author : Roziul Hasan Khan Shifat size : 93 bytes Tested on : Windows 7 Ultimate x64 / / Disassembly of section .text: 0000000000000000 : 0: 99 cltd 1: 65 48 8b 42 60 mov %gs:0x60%rdx,%rax 6: 48 8b 40 18 mov 0x18%rax,%rax a: 48 8b 70 10 mo...

ALPINE-CVE-2016-7444

The gnutlsocsprespcheckcrt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by...

PT-2016-3312 · Openssl +4 · Openssl +4

Name of the Vulnerable Software and Affected Versions: OpenSSL version 1.1.0 before 1.1.0a OpenSSL versions 1.1.0 through 1.1.0 excluding 1.1.0a and later Description: The issue is related to the ssl3 read bytes function in record/rec layer s3.c in OpenSSL. It allows remote attackers to cause a...

Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes)

Cisco ASA - Authentication Bypass 'EXTRABACON' Improved Shellcode 69 bytes. Shellcode exploit for Hardware platform ; ; Cisco ASA Authentication Bypass EXTRABACON Better Shellcode 69 bytes ; ; Copyright: c 2016 RiskSense, Inc. https://risksense.com ; License: http://opensource.org/licenses/MIT ;...

Windows x86 - Password Protected TCP Bind Shell (637 bytes)

Windows x86 - Password Protected TCP Bind Shell 637 bytes. Shellcode exploit for Winx86 platform / Title : Windows x86 password protected bind shell tcp shellcode Date : 12-09-2016 Author : Roziul Hasan Khan Shifat size : 637 bytes Tested On : Windows 7 ultimate x86 x64 Email : [email protected]...

DEBIAN-CVE-2016-6261

The idnatoascii4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via 64 bytes of input...

Microsoft Windows - GDI+ EMR_EXTTEXTOUTA EMR_POLYTEXTOUTA Heap Buffer Overflow (MS16-097)

Microsoft Windows - GDI+ EMREXTTEXTOUTA EMRPOLYTEXTOUTA Heap Buffer Overflow MS16-097 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=828 The Microsoft GDI+ implementation of the EMF format supports records corresponding to the ExtTextOutA and PolyTextOutA API functions. Both...

Windows/x86 - MessageBoxA Shellcode (242 bytes)

/ Title : Windows x86 MessageBoxA shellcode Author : Roziul Hasan Khan Shifat Date : 14-08-2016 Tested On : Windows 7 starter x86 / / Disassembly of section .text: 00000000 : 0: 31 c9 xor %ecx,%ecx 2: 64 8b 41 30 mov %fs:0x30%ecx,%eax 6: 8b 40 0c mov 0xc%eax,%eax 9: 8b 70 14 mov 0x14%eax,%esi c: ...

Windows/x86 - CreateProcessA cmd.exe Shellcode (253 bytes)

/ Title : Windows x86 CreateProcessANULL,"cmd.exe",NULL,NULL,0,NULL,NULL,NULL,&STARTUPINFO,&PROCESSINFORMATION shellcode Author : Roziul Hasan Khan Shifat Date : 15-08-2016 Tested On : Windows 7 x86 / / Disassembly of section .text: 00000000 : 0: 31 c9 xor %ecx,%ecx 2: 64 8b 41 30 mov...