139 matches found
CVE-2018-7046
Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...
Spectre Information Disclosure Proof Of Concept
include include include ifdef MSCVER include / for rdtscp and clflush / pragma optimize"gt",on else include / for rdtscp and clflush / endif / Victim code. / unsigned int array1size = 16; uint8t unused164; uint8t array1160 = 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 ; uint8t unused264; uint8t...
[SECURITY] Fedora 25 Update: gcc-6.4.1-1.fc25
The gcc package contains the GNU Compiler Collection version 6. You'll need this package in order to compile C code...
Code injection
A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library...
Linux Kernel ping Denial Of Service
Source: https://raw.githubusercontent.com/danieljiang0415/androidkernelcrashpoc/master/panic.c include include include include static int sockfd = 0; static struct sockaddrin addr = 0; void fuzzvoid param while1 addr.sinfamily = 0;//rand%42; printf"sinfamily1 = %08lx\n", addr.sinfamily;...
U.S. Dept Of Defense: Two Error-Based SQLi in courses.aspx on ██████████
Summary: The server at ████ contains two SQL injection vulnerabilities in the courses.aspx file. These are error-based SQLi vulnerabilities. The resulting errors reveal seven lines of C code, including inline SQL which reveals internal database information. Note that this is one of two reports I'...
The Japanese version of the WPS remote code execution vulnerability detailed analysis-vulnerability warning-the black bar safety net
Word-processing and office productivity software is a useful target for threat actors to exploit through vulnerabilities. Users often encounter the file types these software packages use in everyday life, and may open such a file in an email, or be prompted to download from the website this file does not produ...
Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Privilege Escalation
// A proof-of-concept local root exploit for CVE-2017-6074. // Includes a semireliable SMAP/SMEP bypass. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074 // // Usage: // $ gcc poc.c -o pwn // $ ./pwn // . namespace sandbox setup...
GNU / Bash v4.4 autocompletion Code Execution Vulnerability
Exploit for linux platform in category local exploits GNU Bash code execution vulnerability in path completion Jens Heyens, Ben Stock January 2017 1 Introduction GNU Bash from version 4.4 contains two bugs in its path completion feature leading to a code execution vulnerability. An exploit can be...
[SECURITY] Fedora 23 Update: flex-2.6.0-2.fc23
The flex program generates scanners. Scanners are programs which can recognize lexical patterns in text. Flex takes pairs of regular expressions and C code as input and generates a C source file as output. The output file is compiled and linked with a library to produce an executable. The...
Vivaldi 1.4.589.11 DLL Hijacking
Exploit Title: Vivaldi browser DLL Hijacking Author: Ashiyane Digital Security Team Vendor Homepage: https://vivaldi.com/ software link: https://downloads.vivaldi.com/stable/Vivaldi.1.4.589.11.exe Tested on:Windows 7 Date: 13-09-2016...
OoVoo 3.7.1 DLL Hijacking
Exploit Title: OoVoo DLL Hijacking Author: Ashiyane Digital Security Team Vendor Homepage:http://www.oovoo.com/ Version: 3.7.1 Tested on:Windows 7 ---------------------------------------------------------------------------------------------------------- vulnerable DLLs :...
[SECURITY] Fedora 24 Update: flex-2.6.0-2.fc24
The flex program generates scanners. Scanners are programs which can recognize lexical patterns in text. Flex takes pairs of regular expressions and C code as input and generates a C source file as output. The output file is compiled and linked with a library to produce an executable. The...
Updated nettle packages fix security vulnerabilities
Updated nettle2.7 and nettle packages fix security vulnerabilities: Two carry propagation bugs in elliptic curve scalar multiplications that affect the NIST P-256 curve. The bugs are in the C code and affect multiple architectures (CVE-2015-8803, CVE-2015-8805). A carry propagation bug in elliptic...
nettle: improper cryptographic calculations
CVE-2015-8803, CVE-2015-8804, CVE-2015-8805: improper cryptographic calculations. It has been discovered that multiple carry propagation bugs are producing wrong results in calculations. They affect the NIST P-256 and P-384 curves. The P-256 bug is in the C code and affects multiple architectures...
Linux Kernel REFCOUNT Overflow / Use-After-Free
Exploit Title: Linux kernel REFCOUNT overflow/Use-After-Free in keyrings Date: 19/1/2016 Exploit Author: Perception Point Team CVE : CVE-2016-0728 / CVE-2016-0728 local root exploit modified by Federico Bento to read kernel symbols from /proc/kallsyms props to grsecurity/PaX for preventing this i...
Windows 10 - pcap Driver Local Privilege Escalation
Exploit for windows platform in category local exploits Source: https://github.com/Rootkitsmm/Win10Pcap-Exploit include include include include include include include include include define SLIOCTLGETEVENTNAME CTLCODE0x8000, 1, METHODNEITHER, FILEANYACCESS define STATUSSUCCESS NTSTATUS0x00000000...
Design/Logic Flaw
Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlag...
CVE-2014-8778
Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlag...
Apple OSX 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Exploit
Exploit for macOS platform in category local exploits #!/bin/sh Simple Proof of Concept Exploit for the DYLD_PRINT_TO_FILE local privilege escalation vulnerability in OS X 10.10 - 10.10.4 (C) Copyright 2015 Stefan Esser Wait months for a fix from Apple or install the following KEXT as protection...