shadowbroker

This repository, hc1216/shadowbroker, contains a collection of exploits and tools for various vulnerabilities. The repository was initially reported to contain sensitive data, leading to the deletion of several files. The remaining files include a mix of exploit code, payloads, and documentation...

The vulnerability of the MpSigStub.exe executable of Microsoft Windows Defender allows a hacker to delete files in certain parts of the file system.

The vulnerability of the MpSigStub.exe executable file of Microsoft’s Windows Defender is related to privilege management errors. Exploiting this vulnerability could allow a malicious actor to delete files in certain parts of the file system remotely...

Security Bulletin: IBM Sterling Connect:Direct for UNIX Allows a User with Sudo Access Restricted to Certain Connect:Direct Executable Files to Expand Access Beyond the Restriction (CVE-2018-1903)

Summary UNIX system administrators may grant access to run certain executable files with expanded privilege via the sudo utility. Connect:Direct for UNIX has a vulnerability that could allow a user to escape this sudo executable file restriction and perform unauthorized commands with expanded...

The vulnerability of the executable file McTray.exe of the Microsoft Windows anti-virus software McAfee VirusScan Enterprise allows a perpetrator to gain increased privileges.

The vulnerability of the McTray.exe executable of the Microsoft Windows antivirus software, McAfee VirusScan Enterprise, is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

ASUS ScreenPad2 Upgrade Tool Code Issue Vulnerability

ASUS ScreenPad2 Upgrade Tool is an update tool for the ASUS ScreenPad2 touchpad from ASUS of Taiwan, China.ASUS ScreenPad2 Upgrade Tool version 1.0.3 contains the AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe files are vulnerable to a code issue. An attacker could exploit t...

Directory traversal

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current...

CVE-2020-15121

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current...

CVE-2020-15121 Command injection in Radare2

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current...

CVE-2020-15121

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current...

Command Execution Vulnerability in Media Mate

Media Mate is a media center similar to Plex. Media Mate has a command execution vulnerability that can be exploited by an attacker to execute a malicious exe file...

CVE-2020-13653

An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature...

Cross site scripting

An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature...

WriteUp_GoogleCTF_2017

This is a PoC exploit for a vulnerability in the Inst Prof binary, which is a x8664 Linux binary with PIE and NX enabled. The exploit allocates two pages using code reuse, one page to stack pivot and the other page to execute a shellcode. The shellcode is executed by dereferencing a text pointer...

EulerOS Virtualization 3.0.6.0 : libffi (EulerOS-SA-2020-1760)

According to the version of the libffi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Plea...

EvilQuest Mac Ransomware Has Keylogger, Crypto Wallet-Stealing Abilities

A rare new ransomware strain targeting macOS users has been discovered, called EvilQuest. Researchers say the ransomware is being distributed via various versions of pirated software. EvilQuest, first discovered by security researcher Dinesh Devadoss, goes beyond the normal encryption capabilitie...

Design/Logic Flaw

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

The vulnerability of the executable file cgibin.exe of the D-Link DIR-865L router’s microprogramming system allows a hacker to execute arbitrary operating system commands.

The vulnerability of the executable file cgibin.exe of the D-Link DIR-865L router operating system exists due to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...

CVE-2020-15362

wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code...

Code injection

wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code...

CVE-2020-15362

wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code...