Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)

Linux/x86 - execve/bin/sh Polymorphic Shellcode 30 bytes. Shellcode exploit for Linx86 platform / Title: Linux/x86 - Polymorphic execve /bin/sh x86 shellcode - 30 bytes Author: Manuel Mancera @sinkmanu Tested on: Linux 3.16.0-4-586 1 Debian 3.16.43-2+deb8u2 2017-06-26 i686 GNU/Linux...

VX Search Enterprise 10.1.12 Buffer Overflow

!/usr/bin/env python Exploit Title : VX Search Enterprise v10.1.12 Remote Buffer Overflow Exploit Author : Revnic Vasile Email : revnicatgmaildotcom Date : 09-10-2017 Vendor Homepage : http://www.flexense.com/ Software Link : http://www.vxsearch.com/setups/vxsearchentsetupv10.1.12.exe Version :...

ASX To MP3 3.1.3.7 Buffer Overflow

Exploit Title: Buffer Overflow via crafted malicious .m3u file Exploit Author: Parichay Rai Tested on: XP Service Pack 3 CVE : CVE-2017-15221 Description ------------ A buffer overflow Attack possible due to improper input mechanism Proof of Concept ---------------- !/usr/bin/python This exploit...

ASX to MP3 3.1.3.7 - '.m3u' Local Buffer Overflow

Exploit Title: Buffer Overflow via crafted malicious .m3u file Exploit Author: Parichay Rai Tested on: XP Service Pack 3 CVE : CVE-2017-15221 Description ------------ A buffer overflow Attack possible due to improper input mechanism Proof of Concept ---------------- !/usr/bin/python This exploit...

ASX to MP3 3.1.3.7 - .m3u Local Buffer Overflow

ASX to MP3 3.1.3.7 - .m3u Local Buffer Overflow Exploit Title: Buffer Overflow via crafted malicious .m3u file Exploit Author: Parichay Rai Tested on: XP Service Pack 3 CVE : CVE-2017-15221 Description ------------ A buffer overflow Attack possible due to improper input mechanism Proof of Concept...

VX Search Enterprise 10.1.12 - Buffer Overflow Exploit

Exploit for windows platform in category remote exploits !/usr/bin/env python Exploit Title : VX Search Enterprise v10.1.12 Remote Buffer Overflow Exploit Author : Revnic Vasile Email : revnicatgmaildotcom Date : 09-10-2017 Vendor Homepage : http://www.flexense.com/ Software Link :...

ASX to MP3 converter < 3.1.3.7 - Stack Overflow (DEP Bypass) Exploit

Exploit for windows platform in category local exploits import struct,sys head =''' REF HREF="mms://site.com/ach/music/smpl/LACA-05928-002-tes''' offset 17375 junk = "A" 17375 0x1003df8e 0x774e1035 EIP="\x36\x10\x4e\x77" adjust="A" 4 def createropchain: ropgadgets = 0x73dd5dce, POP EAX RETN...

VX Search Enterprise 10.1.12 - Remote Buffer Overflow

VX Search Enterprise 10.1.12 - Remote Buffer Overflow !/usr/bin/env python Exploit Title : VX Search Enterprise v10.1.12 Remote Buffer Overflow Exploit Author : Revnic Vasile Email : revnicatgmaildotcom Date : 09-10-2017 Vendor Homepage : http://www.flexense.com/ Software Link :...

ASX to MP3 converter &lt; 3.1.3.7 - &#039;.asx&#039; Local Stack Overflow (DEP Bypass)

import struct,sys head =''' REF HREF="mms://site.com/ach/music/smpl/LACA-05928-002-tes''' offset 17375 junk = "A" 17375 0x1003df8e 0x774e1035 EIP="\x36\x10\x4e\x77" adjust="A" 4 def createropchain: ropgadgets = 0x73dd5dce, POP EAX RETN MFC42.DLL 0x5d091368, ptr to &VirtualProtect IAT COMCTL32.dll...

Easy MPEGAVIDIVXWMVRM to DVD - Enter User Name Local Buffer Overflow (SEH)

Easy MPEGAVIDIVXWMVRM to DVD - Enter User Name Local Buffer Overflow SEH !/usr/bin/python Exploit Title: Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Field Buffer Overflow SEH Date: 05-10-2017 Exploit Author: Venkat Rajgor Vendor Homepage: http://www.divxtodvd.net/ Software Link:...

Dup Scout Enterprise 10.0.18 - Import Command Local Buffer Overflow

Dup Scout Enterprise 10.0.18 - Import Command Local Buffer Overflow !/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: Dup Scout Enterprise v10.0.18 "Import Comman...

Linux/x86_64 - mkdir() evil Shellcode (30 bytes)

/ ;Title: Linux/x8664 - mkdir shellcode 30 bytes ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x8664 ;Description: Create Folder with 755 permission. ; You can Change folder by change code in ASM in fname Field ;Shellcode Length: 30...

Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response

Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 The exploit gains code execution on the Wi-Fi firmware on the iPhone 7. The exploit has been tested against the Wi-Fi firmware as...

Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 The exploit gains code execution on the Wi-Fi firmware on the iPhone 7. The exploit has been tested against the Wi-Fi firmware as present on iOS 10.2 14C92, but should work on all versions of iOS up to 10.3.3 included. However...

Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes)

Linux/x8664 - mkdir 'evil' Shellcode 30 bytes. Shellcode exploit for Linx86-64 platform / ;Title: Linux/x8664 - mkdir shellcode 30 bytes ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x8664 ;Description: Create Folder with 755...

CyberLink LabelPrint < 2.5 - Buffer Overflow (SEH Unicode) Exploit

Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: CyberLink LabelPrint =2.5 File Project Processing Unicode Stack Overflow Date: September 23, 2017 Exploit Author: f3ci Vendor Homepage: https://www.cyberlink.com/ Software Link:...

Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Disk Pulse Enterprise GET Buffer Overflow', 'Description' = %q This module exploits an SEH buffer overflow in Disk Pulse Enterprise 9.9.16. If a...

VulnCheck KEV: CVE-2017-20201

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API...

Netdecision 5.8.2 - Local Privilege Escalation

// Netdecision.cpp : Defines the entry point for the console application. / Exploit Title: Netdecision 5.8.2 - Local Privilege Escalation - Winring0x32.sys Date: 2017.09.17 Exploit Author: Peter Baris Vendor Homepage: www.netmechanica.com Software Link: http://www.netmechanica.com/downloads/...

Netdecision 5.8.2 - Local Privilege Escalation

Netdecision 5.8.2 - Local Privilege Escalation // Netdecision.cpp : Defines the entry point for the console application. / Exploit Title: Netdecision 5.8.2 - Local Privilege Escalation - Winring0x32.sys Date: 2017.09.17 Exploit Author: Peter Baris Vendor Homepage: www.netmechanica.com Software...