93 matches found

exploitpack
added 2017/12/12 12:0 a.m., 16 views

Vivotek IP Cameras - Remote Stack Overflow (PoC)

Vivotek IP Cameras - Remote Stack Overflow PoC STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials...

AI score: 0.6
Exploits: 0

Packet Storm
added 2017/12/01 12:0 a.m., 48 views

Axis Communications MPQT/PACS Heap Overflow / Information Leakage

STX Subject: Axis Communications MPQT/PACS Heap Overflow and Information Leakage. Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis August 2017 PoC: https://github.com/mcw0/PoC Release date: December 1, 2017 Full Disclosure: 90 days due to the large volume o...

AI score: 7.4
Exploits: 0

seebug.org
added 2017/10/09 12:0 a.m., 41 views

Mozilla Firefox WebExtensions can download and open non-executable files without user interaction(CVE-2017-7821)

CVE-2017-7821 "browser.downloads addon feature may be used for RCE" Steps: 1. Go to 'about:debugging' 2. Unpack attached PoC somewhere 3. Back in 'about:debugging' choose 'Load temp addon' and choose the poc 4. jar file is automatically downloaded and executed. We are able to download and execute...

AI score: 9.3, EPSS: 0.02595
Exploits: 3

OSV
added 2017/10/02 10:55 p.m., 1 view

USN-3435-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs,...

CVSS: 10, AI score: 7, EPSS: 0.12063
Exploits: 12, References: 17

UbuntuCve
added 2017/10/02 12:0 a.m., 19 views

CVE-2017-7821

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those...

CVSS: 9.8, AI score: 7.1, EPSS: 0.02595
Exploits: 3, References: 3

OSV
added 2017/10/02 12:0 a.m., 0 views

UBUNTU-CVE-2017-7821

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those...

CVSS: 9.8, AI score: 7.2, EPSS: 0.02595
Exploits: 3, References: 4

CNVD
added 2017/09/29 12:0 a.m., 2 views

Mozilla Firefox File Download Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in WebExtensions in versions of Mozilla Firefox prior to 56. A remote attacker can exploit the vulnerability to download and potentially open non-executable file...

CVSS: 9.8, AI score: 8.6, EPSS: 0.02595
Exploits: 3, References: 1

0day.today
added 2016/11/08 12:0 a.m., 57 views

Solaris 8/9 passwd(1) - circ() Stack-Based Buffer Overflow Privilege Escalation Exploit

Exploit for linux platform in category local exploits / $Id: raptorpasswd.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorpasswd.c - passwd circ local, Solaris/SPARC 8/9 Copyright c 2004 Marco Ivaldi Unknown vulnerability in passwd1 in Solaris 8.0 and 9.0 allows local users to gain privileges via...

CVSS: 7.2, AI score: 6.3, EPSS: 0.00303
Exploits: 8

NVD
added 2016/09/26 4:59 a.m., 9 views

CVE-2016-5945

IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request...

CVSS: 4.3, AI score: 4.3, EPSS: 0.00077
Exploits: 0, References: 3

OSV
added 2016/09/26 4:59 a.m., 2 views

CVE-2016-5945

IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request...

CVSS: 4.3, AI score: 5.8
Exploits: 0, References: 3

Cvelist
added 2016/09/26 1:0 a.m., 18 views

CVE-2016-5945

IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request...

AI score: 4.3, EPSS: 0.00077
Exploits: 0, References: 3

RedhatCVE
added 2015/10/30 10:0 a.m., 20 views

CVE-2010-1451

The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain PAGEEXEC4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent...

CVSS: 2.1, AI score: 7.2, EPSS: 0.00099
Exploits: 1, References: 2

myhack58
added 2015/04/15 12:0 a.m., 82 views

Return-into-libc attack and Defense-bug warning-the black bar safety net

This article first analyzes the return-into-libc attack principle, were introduced in different platforms for the traditional return-into-libc attack of the experimental process and results. Then, this paper further introduces and explains the return-oriented programming attacks, this attack can...

AI score: 2
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (x86)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/NonExecutableLovin.txt This code currently jum...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 48 views

Solaris 2.5.1/2.6/7/8 rlogin /bin/login - Buffer Overflow Exploit (SPARC)

No description provided by source. / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright c 2004 Marco Ivaldi [email protected] Buffer overflow in login in various System V based operating systems allows remote attackers to...

CVSS: 10, AI score: 0.5, EPSS: 0.84081
Exploits: 27

Tenable Nessus
added 2013/01/25 12:0 a.m., 36 views

SuSE 11.1 Security Update : openssl (SAT Patch Number 6245)

This update of openssl fixes an integer conversion issue which could cause a heap-based memory corruption (CVE-2012-2110). Additionally, a check for negative buffer length values was added (CVE-2012-2131) and the stack made non-executable by marking the enhanced Intel SSSE3 assembler code as not...

CVSS: 7.5, AI score: 7.9, EPSS: 0.08744
Exploits: 8, References: 6

seebug.org
added 2012/02/14 12:0 a.m., 37 views

Webkit normalize bug for android 2.2 (CVE-2010-1759)

No description provided by source. !-- CVE-2010-1759 webkit normalize bug Tested on Moto Droidx2 running 2.2. Droidx2 running 2.3 is vulnerable but exploit fails due to non-executable heap. Still working on a way around that : 2.1 - 2.3 emulator. The changes needed are documented in the code. The...

CVSS: 9.3, AI score: 8.8, EPSS: 0.44078
Exploits: 6

0day.today
added 2012/02/01 12:0 a.m., 46 views

Webkit normalize bug for android 2.2 (CVE-2010-1759)

Exploit for Android platform in category remote exploits LOADING... var elem1 = document.getElementById"test1"; var elem2 = document.getElementById"test2"; var elem3 = document.getElementById"test3"; function spray for var i = 0; i 180000; i++ var s = new Stringunescape"\u0052\u0052"; //...

AI score: 7.1, EPSS: 0.44078
Exploits: 6

exploitpack
added 2011/09/26 12:0 a.m., 26 views

Muse Music All-in-One 1.5.0.001 - .pls Local Buffer Overflow (DEP Bypass)

Muse Music All-in-One 1.5.0.001 - .pls Local Buffer Overflow DEP Bypass !/usr/bin/perl +Exploit Title: Muse Music All-In-One PLS File Buffer Overflow ExploitDEP Bypass +Date: 25\09\2011DD\MM\YYYY +Author: C4SS!0 G0M3S +Software Link:...

AI score: 0.4
Exploits: 0

Metasploit
added 2011/03/03 1:4 a.m., 34 views

NetSupport Manager Agent Remote Buffer Overflow

This module exploits a buffer overflow in NetSupport Manager Agent. It uses a similar ROP to the proftpdiac exploit in order to avoid non executable stack. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

CVSS: 7.5, AI score: 7.4, EPSS: 0.78891
Exploits: 8