Sysax Multi Server 6.50 - HTTP File Share SEH Overflow Remote Code Execution
Exploit for windows platform in category remote exploits Exploit Title: Sysax Multi Server 6.50 HTTP File Share SEH Overflow RCE Exploit Date: 03/21/2016 Exploit Author: Paul Purcell Contact: ptpxploit at gmail Vendor Homepage: http://www.sysax.com/ Vulnerable Version Download:...
UBUNTU-CVE-2016-3134
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call...
x86 Windows Null-Free Download & Run via WebDAV Shellcode 96 bytes
x86 Windows Null-Free Download & Run via WebDAV Shellcode 96 bytes. Shellcode exploit for win32 platform / Author: Sean Dillon Copyright: (c) 2016 RiskSense, Inc. https://risksense.com Release Date: March 1, 2016 Description: x86 Windows null-free download & run via WebDAV shellcode Assembled Size:...
ntp: missing check for zero originate timestamp
It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements...
OpenSSH CVE-2016-0777 private key theft technical analysis - vulnerability warning - the black bar safety net
Remembered used to write a lot of advertising procedures, estimation also not many people see. Then see “days eye APT the Team” and “360 security suit team” of people for black output only wrote the phrase “people do, day in see”, a bit of sentiment. Quickly put the sb type of ad deleted, cannot be...
Microsoft Office PowerPoint Remote Code Execution Vulnerability (3124585)
This host is missing an important security update according to Microsoft Bulletin MS16-004. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
UBUNTU-CVE-2015-8923
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file...
Base64 Decoder 1.1.2 - Overwrite (SEH) (PoC)
Base64 Decoder 1.1.2 - Overwrite (SEH) (PoC) Exploit: b64dec SEH OverWrite. Date: 12/18/2015 Exploit Author: UnN0n Vendor: Tim Rohlfs Software Link: http://4mhz.de/b64dec.html Version: 1.1.2 Tested on: Windows 7 x64 (64bit) Dump SEH chain of thread 00000EC0 Address SE handler 024CFC50 b64dec.00458140...
UBUNTU-CVE-2015-8078
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for...
python: buffer() integer overflow leading to out of bounds read
An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash...
Microsoft Windows Kernel - SURFOBJ Null Pointer Dereference (MS15-061)
Microsoft Windows Kernel - SURFOBJ Null Pointer Dereference MS15-061 Source: https://code.google.com/p/google-security-research/issues/detail?id=312 This issue is very likely a null pointer issue affecting 32-bit Windows version. The offset is from add onto another offset which isn't quite zero, ...
Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
Source: https://code.google.com/p/google-security-research/issues/detail?id=465 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 ...
Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion
Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=465 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for...
DEBIAN-CVE-2015-6247
The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet...
Microsoft Office 2007 - wwlib.dll fcPlcfFldMom Uninitialized Heap Usage
Microsoft Office 2007 - wwlib.dll fcPlcfFldMom Uninitialized Heap Usage Source: https://code.google.com/p/google-security-research/issues/detail?id=424&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier...
Windows ATMFD.DLL Out-of-Bounds Read Due to Malformed FDSelect Offset in the CFF Table Exploit
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=392&can=1 We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as: ---...
Linux/x86 Memory Sinkhole Proof Of Concept
; memory sinkhole proof of concept ; hijack ring -2 execution through the apic overlay attack. ; deployed in ring 0 ; the SMBASE register of the core under attack TARGETSMBASE equ 0x1f5ef800 ; the location of the attack GDT. ; this is determined by which register will be read out of the APIC ; fo...
Linux Kernel (x86) - Memory Sinkhole Privilege Escalation
Linux Kernel x86 - Memory Sinkhole Privilege Escalation ; memory sinkhole proof of concept ; hijack ring -2 execution through the apic overlay attack. ; deployed in ring 0 ; the SMBASE register of the core under attack TARGETSMBASE equ 0x1f5ef800 ; the location of the attack GDT. ; this is...
Linux Kernel (x86) - Memory Sinkhole Privilege Escalation
; memory sinkhole proof of concept ; hijack ring -2 execution through the apic overlay attack. ; deployed in ring 0 ; the SMBASE register of the core under attack TARGETSMBASE equ 0x1f5ef800 ; the location of the attack GDT. ; this is determined by which register will be read out of the APIC ; fo...