3386 matches found
Linux/x86 - exec'/bin/dash' shellcode 45 bytes
Linux/x86 - exec'/bin/dash' shellcode 45 bytes. Shellcode exploit for lin_x86 platform / Title: Linux/x86 exec'/bin/dash' - shellcode 45 bytes Platform: linux/x86_64 Date: 2015-06-15 Author: Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes ,...
php: missing null byte checks for paths in various PHP extensions
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
linux/x86 Reboot shellcode - 28 Bytes
Linux/x86 Reboot - 28Bytes Greetz : BombermanLeader Author : B3mB4m Tested ON : Ubuntu 14.04 08048060 : 8048060: 31 c0 xor %eax,%eax 8048062: 50 push %eax 8048063: 68 62 6f 6f 74 push $0x746f6f62 8048068: 68 6e 2f 72 65 push $0x65722f6e 804806d: 68 2f 73 62 69 push $0x6962732f 8048072: 89 e3 mov...
PHP 5.4.x < 5.4.41 / 5.5.x < 5.5.25 Multiple Vulnerabilities
linux/x86 seanux-a 1.0 execve shellcode - 80 bytes
seanux-a Linux distribution is an operating system made as a collection of software based around the Linux kernel and often around a package management system. Most distributions come ready to use and pre-compiled for a specific instruction set, while others are distributed in source code form an...
Libmimedir Special File Arbitrary Code Execution Vulnerability
libmimedir is a library of graphical objects based on an implementation of RFC 2425 and RFC 2426. A security vulnerability exists in libmimedir. A remote attacker can construct a specially crafted VCF file with two null bytes added to the end of the file and trick the user into parsing it, which can...
OpenSSL 'ssleay_rand_bytes()' function denial of service vulnerability
OpenSSL is an open source implementation of SSL for strong encryption of network communications, and is now widely used in a variety of network applications. A security vulnerability in OpenSSL in Red Hat allows a remote attacker to send special data to a target multithreaded reference that uses...
CVE-2015-3205
libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes at the end of the file, related to "free" function calls in the "lexer's memory clean-up procedure."...
CVE-2015-3205
Libmimedir’s VCF parser is vulnerable to memory corruption when parsing a VCF file with two trailing NULL bytes, triggering risky free() calls during lexer memory cleanup. A PoC/exploit code demonstrates potential arbitrary code execution via crafted VCF inputs; exploitation status in the wild is...
linux/x86 - /etc/passwd Reader - 58 bytes
Linux/x86 - /etc/passwd Reader - 58 bytes Greetz : BombermanLeader,wiremask.eu Author : B3mB4m Concat : Do not disturb - Bomberman I am not allowed to speak until I surpass this man. See you in two years : Info File descriptor on EBX Buffer on ECX Bytes to read on EDX Disassembly of section .text:...
Linux/x86 - /etc/passwd Reader 58 bytes
Linux/x86 - /etc/passwd Reader 58 bytes. Shellcode exploit for linux platform Linux/x86 - /etc/passwd Reader - 58 bytes Greetz : BombermanLeader,wiremask.eu Author : B3mB4m Concat : Do not disturb - Bomberman I am not allowed to speak until I surpass this man. See you in two years : Info File descriptor...
openssl: Crash in ssleay_rand_bytes due to locking regression
A regression was found in the ssleay_rand_bytes function in the versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7. This regression could cause a multi-threaded application to crash...
Linux/x86 - execve /bin/sh shellcode 21 bytes 2
Linux/x86 - execve /bin/sh shellcode 21 bytes 2. Shellcode exploit for lin_x86 platform Linux/x86 - Shutdowninit 0 - 30 bytes Greetz : BombermanLeader Author : B3mB4m 08048060 : 8048060: 31 c0 8048062: 50 8048063: 68 68 61 6c 74 push $0x746c6168 8048068: 68 69 6e 2f 2f push $0x2f2f6e69 804806d: ...
linux/x86 - execve /bin/sh shellcode - 21 bytes
Linux/x86 execve /bin/sh shellcode 21 bytes Greetz : KnocKout,curtis,BombermanLeader Author : B3mB4m Disassembly of section .text: 08048060 : 8048060: 31 c0 xor %eax,%eax 8048062: 50 push %eax 8048063: 68 2f 2f 73 68 push $0x68732f2f 8048068: 68 2f 62 69 6e push $0x6e69622f 804806d: 89 e3 mov...
SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...
qemu: pcnet: multi-tmd buffer overflow in the tx path
A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the...
Linux/x86 - execve /bin/sh shellcode 21 bytes
Linux/x86 - execve /bin/sh shellcode 21 bytes. Shellcode exploit for lin_x86 platform Linux/x86 execve /bin/sh shellcode 21 bytes Greetz : KnocKout,curtis,BombermanLeader Author : B3mB4m Disassembly of section .text: 08048060 : 8048060: 31 c0 xor %eax,%eax 8048062: 50 push %eax 8048063: 68 2f 2f 7...
[SECURITY] [DSA 3280-1] php5 security update
Debian Security Advisory DSA-3280-1 http://www.debian.org/security/ Moritz Muehlenhoff June 07, 2015 http://www.debian.org/security/faq -...
DEBIAN-CVE-2015-3811
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than...
DEBIAN-CVE-2015-2694
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name,...