65 matches found
kernel: Incorrectly mapped contents of PIE executable
The Linux Kernel running on AMD64 systems will sometimes map the contents of a PIE executable, the heap, or ld.so to where the stack is mapped, allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected...
PT-2017-2409 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux Kernel version 4.11.5 Description: The issue is related to insufficient access control in the Linux kernel, which can be exploited by a local attacker to manipulate stack data. On AMD64 systems, the Linux Kernel may map the contents of...
Linux x86 - Egg-hunter 20 bytes
Linux x86 - Egg-hunter 20 bytes. Shellcode exploit for linx86 platform ; Egg Hunter 20 bytes ; - searches from current addr towards lower memory ; - marker: 0x5159 push ecx,pop ecx ; Paw Petersen, SLAE-656 ; https://www.pawpetersen.dk/slae-assignment-3-egg-hunter-linux-x86/ global start section...
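The egg-hunter entry above describes two properties of the technique: the hunter walks from its current address toward lower memory, and it looks for a marker built from the opcodes of "push ecx ; pop ecx" (0x51 0x59). The following C model of that search is an added example, not the shellcode from the page or from its author. It assumes the egg is the marker written twice (so a lone copy of the marker, such as the immediate inside the hunter's own compare instruction, is not mistaken for the egg) and scans a constructed byte image rather than a live address space.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Tag from the page's hunter: the opcodes of "push ecx ; pop ecx" (0x51 0x59).
 * Executing the tag is harmless, so the egg can sit directly in front of the payload. */
#define TAG_LEN 2
static const uint8_t TAG[TAG_LEN] = { 0x51, 0x59 };

/* Assumption of this example: the egg is the tag written twice, so a lone copy
 * of the tag (such as the immediate inside the hunter's own compare) is not a hit. */
#define EGG_LEN (2 * TAG_LEN)

static int egg_at(const uint8_t *p)
{
    return memcmp(p, TAG, TAG_LEN) == 0 && memcmp(p + TAG_LEN, TAG, TAG_LEN) == 0;
}

/* Scan [lo, hi) from the top down, as the page's hunter does, and return a
 * pointer to the first byte after the egg, or NULL when there is none.
 * The range is assumed readable: a real hunter must probe each page before
 * touching it (e.g. with a syscall that reports EFAULT on unmapped memory),
 * otherwise the scan faults on the first hole in the address space. */
const uint8_t *hunt_egg(const uint8_t *lo, const uint8_t *hi)
{
    if (lo == NULL || hi == NULL || (size_t)(hi - lo) < EGG_LEN)
        return NULL;
    for (const uint8_t *p = hi - EGG_LEN; ; p--) {
        if (egg_at(p))
            return p + EGG_LEN;
        if (p == lo)
            return NULL;
    }
}

/* Constructed memory image (not a real process dump), low to high:
 *   NOP filler | lone tag (decoy) | egg A + payload A | egg B + payload B
 * Because the scan runs downward, it must land on payload B, the higher one. */
#define IMG_LEN 64
static uint8_t image[IMG_LEN];

static void put_egg(size_t off)
{
    memcpy(image + off, TAG, TAG_LEN);
    memcpy(image + off + TAG_LEN, TAG, TAG_LEN);
}

/* Returns the offset inside the image where the hunter would jump, or -1. */
long demo_offset(void)
{
    memset(image, 0x90, IMG_LEN);        /* NOP sled as filler */
    memcpy(image + 4, TAG, TAG_LEN);     /* decoy: the tag only once */
    put_egg(16); image[20] = 0xcc;       /* egg A, payload A (int3) at 20 */
    put_egg(40); image[44] = 0xcc;       /* egg B, payload B (int3) at 44 */
    const uint8_t *hit = hunt_egg(image, image + IMG_LEN);
    return hit ? (long)(hit - image) : -1;
}

/* Same image with only the decoy present: a single tag must not be found. */
long demo_decoy_only(void)
{
    memset(image, 0x90, IMG_LEN);
    memcpy(image + 4, TAG, TAG_LEN);
    const uint8_t *hit = hunt_egg(image, image + IMG_LEN);
    return hit ? (long)(hit - image) : -1;
}

int main(void)
{
    printf("payload found at offset %ld\n", demo_offset());   /* 44 */
    printf("decoy-only scan: %ld\n", demo_decoy_only());      /* -1 */
    return 0;
}
```

The downward walk is why the higher of two eggs wins: if a payload was sprayed more than once, the copy closest to the hunter is the one executed. The page-probing caveat is the part a 20-byte hunter spends most of its bytes on, and it is exactly what this readable-buffer model leaves out.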
BSD ftpd 0.3.2 Single Byte Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2124/info The ftp daemon derived from 4.x BSD source contains a serious vulnerability that may compromise root access. There exists a one byte overflow in the replydirname function. The overflow condition is due to an...
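The ftpd entry above is a one-byte overflow in replydirname, which the advisory says can compromise root. The page does not show the code, so the following is an added illustration, not ftpd's source: it models a 32-bit x86 frame in which a local buffer is followed by the caller's saved frame pointer, and shows how an off-by-one length check lets the terminating NUL overwrite that pointer's low byte. The frame layout, buffer size and saved-pointer value are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled 32-bit stack frame, low to high: a BUF-byte local buffer followed
 * by the caller's saved frame pointer (little-endian, as on x86). This layout
 * is an illustration, not ftpd's real replydirname frame. */
#define BUF 16
#define FRAME_LEN (BUF + 4)
#define SAVED_FP 0xbffff5c8u           /* constructed value for the saved ebp */

/* A 16-byte name: exactly fills the buffer, leaving no room for the NUL. */
static const char NAME16[] = "AAAAAAAA" "AAAAAAAA";

static void frame_init(uint8_t *frame)
{
    memset(frame, 0, BUF);
    for (int i = 0; i < 4; i++)              /* store saved fp little-endian */
        frame[BUF + i] = (uint8_t)(SAVED_FP >> (8 * i));
}

static uint32_t frame_saved_fp(const uint8_t *frame)
{
    uint32_t fp = 0;
    for (int i = 0; i < 4; i++)
        fp |= (uint32_t)frame[BUF + i] << (8 * i);
    return fp;
}

/* Vulnerable copy: the check lets len reach BUF, so the terminating NUL is
 * written to frame[BUF], which is the low byte of the saved frame pointer. */
static void copy_vuln(uint8_t *frame, const char *name)
{
    size_t len = strlen(name);
    if (len > BUF)                  /* off by one: BUF chars plus NUL need BUF + 1 bytes */
        len = BUF;
    memcpy(frame, name, len);
    frame[len] = '\0';
}

/* Hardened copy: reserve one byte of the buffer for the NUL. */
static void copy_fixed(uint8_t *frame, const char *name)
{
    size_t len = strlen(name);
    if (len > BUF - 1)
        len = BUF - 1;
    memcpy(frame, name, len);
    frame[len] = '\0';
}

/* Return the saved frame pointer after each copy routine has run. */
uint32_t saved_fp_after_vuln(const char *name)
{
    uint8_t frame[FRAME_LEN];
    frame_init(frame);
    copy_vuln(frame, name);
    return frame_saved_fp(frame);
}

uint32_t saved_fp_after_fixed(const char *name)
{
    uint8_t frame[FRAME_LEN];
    frame_init(frame);
    copy_fixed(frame, name);
    return frame_saved_fp(frame);
}

int main(void)
{
    /* The NUL zeroes the low byte: 0xbffff5c8 becomes 0xbffff500. After the
     * function's "leave; ret", the caller runs with its frame shifted down by
     * up to 255 bytes, into memory that may hold data the client sent. */
    printf("vuln:  0x%08x\n", saved_fp_after_vuln(NAME16));
    printf("fixed: 0x%08x\n", saved_fp_after_fixed(NAME16));
    return 0;
}
```

The single byte is the whole bug: nothing else in the frame is touched, yet once the caller's frame pointer points into attacker-influenced bytes, the caller's locals and its own return address are read from there. The fix is the same one-character change in the bound (reserve a byte for the terminator) that the vulnerable version gets wrong.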
(Pwn2Own) Adobe Reader Sandbox Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Microsoft Publisher 2007 Pubconv.dll Memory Corruption Vulnerability
CVE ID: CVE-2011-1508 Microsoft Publisher is desktop publishing software released by Microsoft. Publisher 2007 contains an input validation error that a remote attacker can exploit to execute arbitrary code by enticing a user to insert a specially crafted .pub file into a document. By modifying the .pub file, the pubconv.dll library can be made to copy a large amount of file content onto the stack, overwriting a function pointer that is executed later. Microsoft Publisher 2007 12.0.6546.5000 Vendor patch: Microsoft --------- The vendor has released an update to fix this security issue; please download it from the vendor's homepage:...
CVE-2010-3085
The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues...
DEBIAN-CVE-2010-3085
The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues...
UBUNTU-CVE-2010-3085
The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues...
CVE-2010-3085
Summary (CVE-2010-3085): Mednafen’s network-play implementation prior to version 0.8.D allows a remote server to execute arbitrary code via unspecified vectors related to stack manipulation. The vulnerability could grant the attacker code execution with the privileges of the Mednafen process. Aff...
minerCPP 0.4b Buffer Overflow / Format String
#!/usr/bin/env python minerCPP 0.4b Remote BOF+Format String Attack Exploit Software Link: http://sourceforge.net/projects/minercpp/ Author: l3D Sites: http://xraysecurity.blogspot.com, http://nullbyte.org.il IRC: irc://irc.nix.co.il Email: [email protected] Tested on Windows 7 In order to make...
freebsd/x86 - /bin/cat /etc/master.passwd NULL free 65 bytes
freebsd/x86 /bin/cat /etc/master.passwd NULL free 65 bytes. Shellcode exploit for freebsdx86 platform ; sm4x 2008 ; /bin/cat /etc/master.passwd ; 65 bytes ; FreeBSD 7.0-RELEASE global start start: xor eax, eax ; --- setuid0 push eax push eax mov al, 0x17 int 0x80 ; --- setup /etc/master.passwd jm...
Linux Kernel 2.4.22 "do_brk()" local Root Exploit (PoC)
No description provided by source. ; Christophe Devine devine at cr0.net and Julien Tinnes julien at cr0.org ; ; This exploit uses sysbrk directly to expand his break and doesn't rely ; on the ELF loader to do it. ; ; To bypass a check in sysbrk against available memory, we use a high ; virtual...
ANDR : Format String Vulnerability
Format string vulnerability Andrey Kolischak March, 2001 [email protected] Format string vulnerability It is no secret that most of the software, in addition to specific vulnerabilities, contains “holes” associated with an incorrect programming style. If some of these holes, such as buffer overflows,...
FreeBSD : mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities (91c606fc-b5d0-11d9-a788-0001020eed82)
A xine security announcement reports : By a user receiving data from a malicious network streaming server, an attacker can overrun a heap buffer, which can, on some systems, lead to or help in executing attacker-chosen malicious code with the permissions of the user running a xine-lib based media...
SCO OpenServer 5.0.5 - Env Local Stack Overflow
/* Copyright (c) 2000 ADM */ /* All Rights Reserved */ /* THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM */ /* The copyright notice above does not evidence any */ /* actual or intended publication of such source code. */ /* */ /* Title: SCO OpenServer mscreen */ /* Tested under: SCO OpenServer 5.0.5 */ /* By: K...