CVE-2018-25355

Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input in the Interpret or Album fields that triggers a buffer overflow, overwriting SEH pointers a...

CVE-2018-25307

SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during registration to execute...

CVE-2018-25307

SysGauge Pro 4.6.12 has a local buffer overflow in the Register function that allows an attacker to overwrite the Structured Exception Handler by providing a crafted unlock key. The vulnerability enables shellcode injection via the Unlock Key field during registration, resulting in arbitrary code...

Flexense SysGauge Pro 安全漏洞

Flexense SysGauge Pro is a system analysis tool developed by Flexense Corporation, designed for real-time monitoring of system performance and resource usage. Version 4.6.12 of Flexense SysGauge Pro contains a security vulnerability. This vulnerability stems from a local buffer overflow in the...

binary-exploitation-writeups

Binary Exploitation Writeups A collection of pwn challenges c...

CVE-2018-25213

CVE-2018-25213 affects Nsauditor 3.0.28.0. The vulnerability is a structured exception handling (SEH) buffer overflow in the DNS Lookup tool that enables local attackers to achieve code execution with the application’s privileges by supplying specially crafted input to the DNS Query field. The de...

EUVD-2019-20014

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload...

EUVD-2019-19998

AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging...

CVE-2019-25637

X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload...

EUVD-2019-19959

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...

CVE-2019-25619

The CVE-2019-25619 case affects FTP Shell Server 6.83. A buffer overflow is triggered in the 'Account name to ban' field, enabling local attackers to execute arbitrary code by supplying a crafted string. The account name parameter in the Manage FTP Accounts dialog can be used to inject shellcode ...

CVE-2019-25609

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...

PT-2026-26997

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger...

PT-2026-27007

FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite t...

ShellExploit

This project is no longer supported PowerSploit is a col...

Vulnserver-Buffer-Overflow-Automation

Vulnserver-Buffer-Overflow-Automation A modular Python 3 autom...

CVE-2023-31447

userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...

binary-exploitation-playground

Binary Exploitation Playground 🚩 Repository ini berisi kumpul...

EUVD-2023-35755

Malicious code in bioql PyPI...

FAUST: A Phobos Ransomware Variant Launches Fileless Attack

Summary: FAUST ransomware, a variant of the Phobos family, exhibiting intricate deployment stages, from decoding Base64 data to injecting shellcode. Notably, it employs a fileless attack through an Office document with a VBA script, emphasizing the need for user caution with document files from...