
24 matches found

SUSE CVE
added 2023/02/15 5:41 a.m. | 1 views

SUSE CVE-2013-0914

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

CVSS 3.6 | AI score 6.2 | EPSS 0.00009
Exploits: 0 | References: 11

0day.today
added 2020/07/27 12:0 a.m. | 270 views

Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)

Exploit Title: Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes) Author: danf42 Platform: Linux/x86 / sigaction(2) approach to egghunting as described in the paper "Safely Searching Process Virtual Address Space" by skape The shellcode prepares the registers to start th...

AI score 7.1
Exploits: 0

0day.today
added 2020/05/07 12:0 a.m. | 70 views

Linux/x64 Anti-Debug Trick INT3 Trap Shellcode (113 bytes)

113 bytes small Linux/x64 anti-debug trick INT3 trap with execve("/bin/sh") shellcode that is NULL free. / Shellcode Title: linux/x64 anti-debug trick INT3 trap + execve("/bin/sh") - NULL Free - 113 bytes Shellcode Author: Dario Castrogiovanni Tested on: LXLE Linux 18.04 x64 Description: This shellco...

AI score 7.1
Exploits: 0

exploitpack
added 2019/06/20 12:0 a.m. | 32 views

Linux - Use-After-Free via race Between modify_ldt() and #BR Exception

Linux - Use-After-Free via race Between modify_ldt() and #BR Exception / When a #BR exception is raised because of an MPX bounds violation, Linux parses the faulting instruction and computes the linear address of its memory operand. If the userspace instruction is in 32-bit code, this involves looking...

AI score 0.4
Exploits: 0

Veracode
added 2019/05/02 4:54 a.m. | 22 views

Authorization Bypass

kernel-rt is vulnerable to authorization bypass. The vulnerability exists as it is possible to bypass the ASLR protection through a sigaction system call...

CVSS 3.6 | AI score 5.5 | EPSS 0.00009
Exploits: 0 | References: 26 | Affected Software: 1

0day.today
added 2018/09/24 12:0 a.m. | 34 views

Linux/ARM - sigaction() Based Egghunter (PWN!) + execve Shellcode (52 Bytes)

/ Title: Linux/ARM - sigaction() Based Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) Shellcode (52 Bytes) Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara System Information pi@raspberrypi: $ uname -a Linux raspberrypi 4.14.52-v7+ 1123 SMP Wed Jun 27 17:35:49 BST 2018 armv7l GNU/Linux...

AI score 7.4
Exploits: 0

Exploit DB
added 2018/09/24 12:0 a.m. | 25 views

Linux/ARM - Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) + sigaction() Shellcode (52 Bytes)

Linux/ARM - Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) + sigaction() Shellcode (52 Bytes). Shellcode exploit for ARM platform / Title: Linux/ARM - sigaction() Based Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) Shellcode (52 Bytes) Date: 2018-09-24 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken...

AI score 0.1
Exploits: 0

0day.today
added 2018/09/20 12:0 a.m. | 18 views

Linux/x86 - Egghunter + sigaction-based Shellcode (27 bytes)

/ Title: Linux/x86 - Egghunter + sigaction-based Shellcode (27 bytes) Author: Valbrux This exploit is a dirty-slow but small version of the sigaction-based egg hunter shellcode global start section .text ;zeroing ecx xor ecx,ecx start: ;increment inc ecx ;sigaction syscall number push byte 67 pop ea...

AI score 0.1
Exploits: 0

Exploit DB
added 2018/09/20 12:0 a.m. | 23 views

Linux/x86 - Egghunter (0x50905090) + sigaction() Shellcode (27 bytes)

Linux/x86 - Egghunter (0x50905090) + sigaction() Shellcode (27 bytes). Shellcode exploit for Linux_x86 platform / Title: Linux/x86 - Egghunter + sigaction-based Shellcode (27 bytes) Author: Valbrux Date: 2018-09-19 This exploit is a dirty-slow but small version of the sigaction-based egg hunter shellcode...

Exploits: 0

Exploit DB
added 2018/06/08 12:0 a.m. | 46 views

Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)

Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes). Shellcode exploit for ARM platform / Title: Linux/ARM - Memsafe egghunter (0x50905090) + execve("/bin/sh"). Null free shellcode (60 bytes) Date: 2018-06-06 Tested: armv7l Raspberry Pi v3 and armv6l Raspberry Pi Zero W Author: rtmcx ...

Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Linux/x86 Multi-Egghunter

No description provided by source. / Title: Multi-Egghunter Author: Ryan Fenno (@ryanfenno) Date: 20 September 2013 Tested on: Linux/x86 (Ubuntu 12.0.3) Description: This entry represents an extension of skape's sigaction(2) egghunting method [1] to multiple eggs. It is similar in spirit to BJ 'SkyLined'...

AI score 7.1
Exploits: 0

0day.today
added 2013/09/23 12:0 a.m. | 32 views

Linux/x86 Multi-Egghunter shellcode

/ Title: Multi-Egghunter Author: Ryan Fenno (@ryanfenno) Date: 20 September 2013 Tested on: Linux/x86 (Ubuntu 12.0.3) Description: This entry represents an extension of skape's sigaction(2) egghunting method [1] to multiple eggs. It is similar in spirit to BJ 'SkyLined' Wever's omelet shellcode for Win32...

AI score 7.4
Exploits: 0

RedHat Linux
added 2013/07/16 6:21 p.m. | 2 views

Kernel: sa_restorer information leak

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

CVSS 3.6 | AI score 6.6 | EPSS 0.00009
Exploits: 0 | References: 4

Exploit DB
added 2013/05/28 12:0 a.m. | 30 views

Linux/x86 - Egghunter (0x5090) Shellcode (38 bytes)

Linux/x86 - Egghunter (0x5090) Shellcode (38 bytes). Shellcode exploit for Linux_x86 platform / Title : egghunter shellcode : hunter 30 bytes, marker 8 bytes, shellcode 28 bytes Date : 28 May 2013 Author : Russell Willis Tested on: Linux/x86 SMP Debian 3.2.41-2 i686 Comments: Using sigaction system cal...

AI score 7.1
Exploits: 0

RedHat Linux
added 2013/05/20 4:44 p.m. | 3 views

Kernel: sa_restorer information leak

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

CVSS 3.6 | AI score 6.6 | EPSS 0.00009
Exploits: 0 | References: 4

OSV
added 2013/03/22 11:59 a.m. | 1 views

DEBIAN-CVE-2013-0914

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

CVSS 3.6 | AI score 4.9 | EPSS 0.00009
Exploits: 0 | References: 1

NVD
added 2013/03/22 11:59 a.m. | 18 views

CVE-2013-0914

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

CVSS 3.6 | AI score 5.2 | EPSS 0.00009
Exploits: 0 | References: 18

Prion
added 2013/03/22 11:59 a.m. | 21 views

Information disclosure

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

CVSS 3.6 | AI score 6.5 | EPSS 0.00009
Exploits: 0 | References: 18 | Affected Software: 1

Debian CVE
added 2013/03/22 10:0 a.m. | 46 views

CVE-2013-0914

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

CVSS 3.6 | AI score 5.7 | EPSS 0.00009
Exploits: 0

Cvelist
added 2013/03/22 10:0 a.m. | 25 views

CVE-2013-0914

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

AI score 5.3 | EPSS 0.00009
Exploits: 0 | References: 18