CVE-2024-50169 vsock: Update rx_bytes on read_skb()
In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb() Make sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt() calls are balanced i.e. virtio_vsock_sock::rx_bytes doesn't lie after vsock_transport::read_skb(). While here, also inform the peer that we'v...
CVE-2024-50169
CVE-2024-50169 is a Linux kernel vulnerability in virtio_vsock/rx accounting. The connected Nessus entry confirms a concrete fix: after vsock read_skb(), the kernel now updates rx_bytes via virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt() to keep rx_bytes in sync with dequeued pack...
CVE-2024-26923
CVE-2024-26923 is a Linux kernel vulnerability in AF_UNIX garbage collection. The race occurs when a GC pass enqueues an embryo that has a peer carrying SCM_RIGHTS, causing the inflight set to differ between passes. This can leave a dangling pointer in the gc_inflight_list and may lead to memory ...
CVE-2024-26923 af_unix: Fix garbage collector racing against connect()
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two consecutiv...
CVE-2021-47068
A flaw was found in the Linux kernel’s Near Field Communication NFC subsystem. The issue involves a use-after-free condition introduced by commits to fix reference count leaks. This vulnerability can be triggered if the same local address is assigned to two different sockets, leading to a potenti...
Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)
BITS 64 ; reverse ip6 tcp shell ; size = 113 bytes depends on ip addr, default is ::1 ; nullbytes free depends only on ip addr, ; you could always and the ip addr to remove ; the nulls like i did with the port ; it sleeps and then tries to reconnect default 3 seconds ; ;shell =...
Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Local Privilege Escalation
// CAP_NET_ADMIN - root LPE exploit for CVE-2016-9793 // No KASLR, SMEP or SMAP bypass included // Affected kernels: 3.11 - 4.8 // Tested in QEMU only // https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793 // // Usage: // gcc -pthread exploit.c -o exploit // chown guest:guest exploit...
FreeBSD Kernel (FreeBSD 10.2 x64) - sendmsg Kernel Heap Overflow (PoC)
FreeBSD Kernel FreeBSD 10.2 x64 - sendmsg Kernel Heap Overflow PoC include include include include include include include include include include void atagetxportvoid; int kprintf(const char *fmt, ...); char ostype; void resolve(char *name) struct kld_sym_lookup ksym; ksym.version = sizeof(ksym);...
TCP Bindshell with Password Prompt - 162 bytes
TCP Bindshell with Password Prompt - 162 bytes. Shellcode exploit for linux platform /--------------------------------------------------------------------------------------------------------------------- / Title: tcp bindshell with password prompt in 162 bytes Author: Sathish kumar Contact:...
Command Shell, Reverse TCP (via python)
Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include...
Linux Kernel SCTP_GET_ASSOC_STATS() Buffer Overflow
include include include include define SCTP_GET_ASSOC_STATS 112 define SOL_SCTP 132 int main(void) char buf =...
Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode
Solaris/SPARC - Bind TCP 2001/TCP Shell /bin/sh Shellcode. Shellcode exploit for SolarisSPARC platform !!! $Id: sparc-bind.s,v 1.1 2003/03/01 01:10:51 ghandi Exp $ !!! Bind /bin/sh to TCP port 2001. Calls setuid(0) so /bin/sh won't !!! drop privileges. After assembly, change the third byte in the !...
Emulive Server4 7560 Remote Denial of Service Exploit
No description provided by source. #!/usr/bin/perl EmuLive Server4 Commerce Edition Build 7560 Remote crash proof of concept code. When the machine running Server4 receives a malformed request on TCP port 66 it crashes very hard! GulfTech Security http://www.gulftech.org use IO::Socket; unless...
NaviCOPA Web Server 2.01 - GET Remote Buffer Overflow
NaviCOPA Web Server 2.01 - GET Remote Buffer Overflow / naviexp.c NaviCOPA Web Server 2.01 0day Remote Buffer Overflow Exploit Coded by h07 Tested on XP SP2 Polish, 2000 SP4 Polish Example: C:\naviexp 192.168.0.1 0 NaviCOPA Web Server 2.01 0day Remote Buffer Overflow Exploit Coded by h07 + Sendin...