Disk Savvy HTTP POST Request Handling Remote Stack Buffer Overflow

Disk Savvy product contains an overflow condition that is triggered when handling overly large HTTP POST requests e.g. sent to /login. This may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if...

ASX to MP3 Converter Remote Stack Buffer Overflow Vulnerability

ASX to MP3 Converter can convert ASX, ASF, WMA and WMV formats to mp3 conveniently, the conversion speed can be adjusted at will, and allows batch conversion of subdirectory files in a recursive manner. ASX to MP3 Converter suffers from a remote stack buffer overflow vulnerability. An attacker...

Multiple OEM - nsd Remote Stack Format String (PoC)

Exploit for multiple platform in category dos / poc STX Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Ful...

Vivotek IP Cameras - Remote Stack Overflow (PoC) Vulnerability

Exploit for multiple platform in category remote exploits STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no...

Stack overflow

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM Radio Interface Module process running on the WiNG Access Point via crafted packets...

SUSE SLED12 / SLES12 Security Update : libevent (SUSE-SU-2018:0200-1)

This update for libevent fixes the following security issues : - CVE-2016-10195: DNS remote stack overread vulnerability bsc1022917 - CVE-2016-10196: stack/buffer overflow in evutilparsesockaddrport bsc1022918 - CVE-2016-10197: out-of-bounds read in searchmakenew bsc1022919 Note that Tenable...

RAVPower 2.000.056 - Memory Disclosure

RAVPower 2.000.056 - Memory Disclosure """ Exploit Title: RAVPower - remote stack disclosure Date: 22/01/2018 Exploit Author: Daniele Linguaglossa Vendor Homepage: https://www.ravpower.com/ Software Link: https://www.ravpower.com/ Version: 2.000.056 Tested on: OSX CVE : CVE-2018-5319 """ import...

RAVPower 2.000.056 - Memory Disclosure

""" Exploit Title: RAVPower - remote stack disclosure Date: 22/01/2018 Exploit Author: Daniele Linguaglossa Vendor Homepage: https://www.ravpower.com/ Software Link: https://www.ravpower.com/ Version: 2.000.056 Tested on: OSX CVE : CVE-2018-5319 """ import socket import sys import re author =...

RAVPower 2.000.056 - Memory Disclosure Exploit

Exploit for hardware platform in category dos / poc """ Exploit Title: RAVPower - remote stack disclosure Date: 22/01/2018 Exploit Author: Daniele Linguaglossa Vendor Homepage: https://www.ravpower.com/ Software Link: https://www.ravpower.com/ Version: 2.000.056 Tested on: OSX CVE : CVE-2018-5319...

nsd Format String

STX Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full Disclosure: 0-Day - PoC - 1 $ curl...

Vivotek IP Cameras - Remote Stack Overflow (PoC)

STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials needed Firmware Vulnerable: Only 2017 versions...

Vivotek IP Cameras - Remote Stack Overflow

Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials needed Firmware Vulnerable: Only 2017 versions...

Vivotek IP Cameras Remote Stack Overflow

STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials needed Firmware Vulnerable: Only 2017 versions...

Vivotek IP Cameras Remote Stack Overflow Vulnerability

Many Vivotek IP cameras suffer from a remote stack overflow vulnerability. Device models include CC8160, CC8370, CC8371, CD8371, FD8166A, FD8166A, FD8166A-N, FD8167A, FD8167A, FD8167AS, FD8167AS, FD8169A, FD8169A, FD8169A, FD8169AS, FD8169AS, FD816B, FD816B, FD816BA, FD816BA, FD816C, FD816C,...

CVE-2017-9544

CVE-2017-9544 affects EFS Software Easy Chat Server, versions 2.0–3.1. The issue is a remote stack-based/SEH buffer overflow in register.ghp when a long username is sent to registresult.htm during user registration, enabling arbitrary code execution. Public references include an exploit example i...

ConQuest DICOM Server 1.4.17d Remote Stack Buffer Overflow

!/usr/bin/env python -- coding: utf8 -- ConQuest DICOM Server 1.4.17d Remote Stack Buffer Overflow RCE Vendor: University of Manchester. Developed by Marcel van Herk, Lambert Zijp and Jan Meinders. The Netherlands Cancer Institute Product web page: https://ingenium.home.xs4all.nl/dicom.html |...

Airties Air5650v3TT Remote Stack Overflow

!/usr/bin/env python Exploit for the AIRTIES Air5650v3TT Spawns a reverse root shell Author: Batuhan Burakcin Contact: [email protected] Twitter: @batuhanburakcin Web: http://www.bmicrosystems.com import sys import time import string import socket, struct import urllib, urllib2, httplib i...

Airties Air5650TT - Remote Stack Overflow Exploit

Exploit for multiple platform in category remote exploits !/usr/bin/env python Exploit for the AIRTIES Air5650v3TT Spawns a reverse root shell Author: Batuhan Burakcin Contact: email protected Twitter: @batuhanburakcin Web: http://www.bmicrosystems.com import sys import time import string import...

Airties Air5650TT - Remote Stack Overflow

!/usr/bin/env python Exploit for the AIRTIES Air5650v3TT Spawns a reverse root shell Author: Batuhan Burakcin Contact: [email protected] Twitter: @batuhanburakcin Web: http://www.bmicrosystems.com import sys import time import string import socket, struct import urllib, urllib2, httplib i...

Airties Air5650TT - Remote Stack Overflow

Airties Air5650TT - Remote Stack Overflow !/usr/bin/env python Exploit for the AIRTIES Air5650v3TT Spawns a reverse root shell Author: Batuhan Burakcin Contact: [email protected] Twitter: @batuhanburakcin Web: http://www.bmicrosystems.com import sys import time import string import socket...