Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)

Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation 2 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintcheckdirsparc2.c - Solaris/SPARC FMT LPE...

DEBIAN-CVE-2020-35495

There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34...

CVE-2020-35507

There's a flaw in bfdpefparsefunctionstubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability...

New IDA Pro plugin provides TileGX support

By Jonas Zaddach Overview Cisco Talos has a new plugin available for IDA Pro that provides a new disassembler for TileGX binaries. This tool should assist researchers in reverse-engineering threats in IDA Pro that target TileGX. We started developing this tool after the VPNFilter campaign last...

GNU libiberty - Buffer Overflow

Source: https://gcc.gnu.org/bugzilla/showbug.cgi?id=69687 The attached program binary causes a buffer overflow in cplus-dem.c when it tries to demangle specially crafted function arguments in the binary. Both the buffer size as well as the buffer content are controlled from the binary. objdump -x...

CVE-2017-9756

The aarch64extldstreglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during...

CVE-2017-9750

opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this fil...

CVE-2017-9745

The bfdvmsslurpetir function in bfd/vms-alpha.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file...

CVE-2017-9745

The bfdvmsslurpetir function in bfd/vms-alpha.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file...

CVE-2017-9750

CVE-2017-9750 affects opcodes/rx-decode.opc in GNU Binutils 2.28. The vulnerability arises from missing bounds checks for certain scale arrays, enabling a crafted binary file to trigger a denial of service (buffer overflow and application crash) during objdump -D, with possible other impact. A co...

CVE-2017-9752

bfd/vms-alpha.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling...

Linux/MIPS Kernel 2.6.36 - 'NetUSB' Remote Code Execution

!/usr/bin/env python Source: http://haxx.in/blasty-vs-netusb.py CVE-2015-3036 - NetUSB Remote Code Execution exploit Linux/MIPS =========================================================================== This is a weaponized exploit for the NetUSB kernel vulnerability discovered by SEC Consult...

VideoLAN VLC Media Player Stack Buffer Overflow Vulnerability

VideoLAN VLC media player is the multimedia player of VideoLAN program. A stack buffer overflow vulnerability exists in multiple files of VideoLAN VLC Media Player in the 'ASFObjectDumpDebug', 'AVIChunkDumpDebuglevel', and 'the MP4BoxDumpStructure' functions are vulnerable to a stack buffer...

LBreakOut2 2.x Login Remote Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8021/info It has been reported that lbreakout2 is vulnerable to a format string issue in the login component. This may result in an attacker executing arbitrary code on a vulnerable host. / lbreakout2-2.5+: remote format...

GNU Sharutils <= 4.2.1 - Local Format String PoC Exploit

No description provided by source. / GNU sharutils = 4.2.1 Local Format String POC Code C0ded by n4rk0tix a.k.a nrktx [email protected] Below is a l4m3 proof of concept code for da recently reported lame bug; These binaryz have not only format bugz, but also buffer overflowz,etc.We also...

linux/x86 - nc -lvve/bin/sh -p13377 - 62 bytes

linux x86 nc -lvve/bin/sh -p13377 shellcode This shellcode will listen on port 13377 using netcat and give /bin/sh to connecting attacker Author: Anonymous Site: http://chaossecurity.wordpress.com/ Here is code written in NASM ///////////////////////////// section .text global start start: xor...