NetServer-RCE-Exploit

🛠️ Configuração do Laboratório Lab Setup Para reproduzir este...

EUVD-2020-6165

Malware in sbrugna...

EUVD-2017-9625

Malware in sbrugna...

amd: Return Address Predictor vulnerability leading to information disclosure

A side channel vulnerability was found in hw amd. Some AMD CPUs may allow an attacker to influence the return address prediction. This issue may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure...

K41582535: Linux kernel vulnerability CVE-2017-18509

Security Advisory Description An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inetcsklistenstop general protection fault, or potentially execute arbitrary code under...

CVE-2020-13995

U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable sBuffer leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DESinfo or imageinfo...

CVE-2020-13995

U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable sBuffer leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DESinfo or imageinfo...

Windows 10 Insider Preview Fast win32kbase HMMarkObjectDestroy Arbitrary Code Execution Vulnerability Regression

Summary A use after free vulnerability exists in Windows 10, Insider Preview Fast 10.0.19582.1001, when a Win32k component fails to properly handle objects in memory. Successful exploitation of this vulnerability can lead to arbitrary code execution in the kernel context and elevation of...

CVE-2017-18509

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inetcsklistenstop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue...

Design/Logic Flaw

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inetcsklistenstop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue...

CVE-2017-18509

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inetcsklistenstop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue...

CVE-2017-18509

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inetcsklistenstop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue...

Microsoft VBScript - VbsErase Memory Corruption

r eax=0000600c ebx=05dc10dc ecx=00000000 edx=00000000 esi=13371337 edi=05c5ca44 eip=6e0fc9fa esp=05c5ca28 ebp=05c5ca48 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 VBSCRIPT!VbsErase+0x5a: 6e0fc9fa 8b3e mov edi,dword ptr esi ds:002b:13371337=????????...

Apple Mac OSX Kernel - NULL Dereference in IOAccelSharedUserClient2::page_off_resource

Apple Mac OSX Kernel - NULL Dereference in IOAccelSharedUserClient2::pageoffresource / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=778 IOAccelerator external method IOAccelSharedUserClient2::pageoffresource uses the pointer at this+0x100 without checking if it's NULL. A seri...

Oracle IOT IX SDK libvs_pdf XRef Index Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0086 Oracle IOT IX SDK libvspdf XRef Index Code Execution Vulnerability April 19, 2016 CVE Number CVE-2016-3455 DESCRIPTION A vulnerability in PDF parser of the IX SDK exists that allows an out of bounds heap memory overwrite potentially leading to remote cod...

Internet Bug Bounty: Type confusion in partial.setstate, partial_repr, partial_call leads to memory corruption, reliable control flow hijack

See my official writeups here: http://bugs.python.org/issue25944 http://bugs.python.org/issue25945 The maintainers merged these bug reports. In one case, the type confusion leads to a reliable control of the instruction pointer as calling repr on a corrupted partial calls a function pointer that ...

Apple Mac OSX iOS - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit

Apple Mac OSX iOS - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit Source: https://code.google.com/p/google-security-research/issues/detail?id=620 I wanted to demonstrate that these iOS/OS X kernel race condition really are exploitable so here's a PoC which gets RIP on OS...

Apple Mac OSX / iOS - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit

Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=620 I wanted to demonstrate that these iOS/OS X kernel race condition really are exploitable so here's a PoC which gets RIP on OS X. The same techniques should transfer...

Apple Mac OSX / iOS - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit

Source: https://code.google.com/p/google-security-research/issues/detail?id=620 I wanted to demonstrate that these iOS/OS X kernel race condition really are exploitable so here's a PoC which gets RIP on OS X. The same techniques should transfer smoothly to iOS : The bug is here: void...

Null pointer dereference

The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer...