Symantec AntiVirus - Remote Stack Buffer Overflow in dec2lha Library

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=814 The dec2lha library is the library responsible for decompressing LZH and LHA archives. The CSymLHA::getheader routine has a trivial stack buffer overflow. .text:00023D91 31 C0...

Symantec AntiVirus - dec2lha Library Remote Stack Buffer Overflow (PoC)

Symantec AntiVirus - dec2lha Library Remote Stack Buffer Overflow PoC Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=814 The dec2lha library is the library responsible for decompressing LZH and LHA archives. The CSymLHA::getheader routine has a trivial stack buffer overflow...

Foxit Reader GoToR action Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

Trane ComfortLink II Stack Buffer Overflow Vulnerability

Trane ComfortLink II is a set of connection control components for use in home intelligence systems from Trane UK. A stack buffer overflow vulnerability exists in the Trane ComfortLink II using firmware version 2.0.2. A remote attacker can exploit this vulnerability by sending a long REG request ...

Unitronics VisiLogic OPLC IDE vlp File Parsing Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics VisiLogic OPLC IDE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

Tomabo M3U SEH Based Stack Buffer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Tomabo M3U SEH Based Stack Buffer Overflow', 'Description' = %q This module exploits a stack over flow in Tomabo MP4 Player...

Tomabo MP4 Player 3.11.6 - Local Stack Overflow (SEH) (Metasploit)

Tomabo MP4 Player 3.11.6 - Local Stack Overflow SEH Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Tomabo M3U SEH Based Stack Buffer Overflow', 'Description' = %q...

Squid Proxy ESI Component Stack Buffer Overflow (CVE-2016-4054)

A stack-based buffer overflow vulnerability has been reported in the Edge Side Includes ESI component of the Squid proxy. The vulnerability is due to improper handling of ESI response packets. A remote attacker could exploit this vulnerability by sending crafted ESI response data to the target...

Oracle Outside in Libraries Elevation of Privilege Vulnerabilities

This security update addresses the following vulnerabilities, which are described in Oracle Critical Patch Update Advisory - January 2016: CVE-2015-6013: Oracle Outside In 8.5.2 WK4 stack buffer overflow CVE-2015-6014: Oracle Outside In 8.5.2 DOC stack buffer overflow CVE-2015-6015: Oracle OIT...

Poison Ivy 2.1.x (C2 Server) - Remote Buffer Overflow (Metasploit)

Poison Ivy 2.1.x C2 Server - Remote Buffer Overflow Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Poison Ivy 2.1.x C2 Buffer Overflow', 'Description' = %q This...

Apple Mac OSX - Kernel Stack Buffer Overflow in GeForce GPU Driver

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=724 nvAPIClient::Escape is the sole external method of nvAcclerator userclient type 0x2a0. It implements its own method and parameter demuxing using the struct-in struct-out buffer...

Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow

Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=724 nvAPIClient::Escape is the sole external method of nvAcclerator userclient type 0x2a0. It implements its own method and parameter demuxing using the struct-in...

Poison Ivy 2.1.x - C2 Buffer Overflow (Metasploit)

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Poison Ivy 2.1.x C2 Buffer Overflow', 'Description' = %q This module...

Google Android - '/system/bin/sdcard' Stack Buffer Overflow (PoC)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=798 Android: Stack-buffer-overflow in /system/bin/sdcard There's an integer overflow issue in getnodepathlocked, which results in a buffer overflow. For all of the calling paths, this is going to overflow a stack buffer in the pare...

Poison Ivy 2.1.x (C2 Server) - Remote Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Poison Ivy 2.1.x C2 Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in the Poison Ivy 2.1.x C...

Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities

Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities Micro Focus Rumba+ v9.4 Multiple Stack Buffer Overflow Vulnerabilities Vendor: Micro Focus Product web page: https://www.microfocus.com Affected version: 9.4.4058.0 and 9.4.0 SP0 Patch0 Affected products/tools : Rumba Desktop...

NRSS News Reader 0.3.9-1 Stack Buffer Overflow

Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: NRSS RSS Reader Version: 0.3.9-1 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program description: NRSS is a console based RSS read...

TRN Threaded Reader 3.6-23 Stack Buffer Overflow

Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: Threaded USENET news reader Version: 3.6-23 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program description: Threaded USENET news...

Wireshark - dissect_2008_16_security_4 Stack Buffer Overflow

Wireshark - dissect200816security4 Stack Buffer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=802 The following crash due to a stack-based buffer overflow can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tsha...

Hewlett Packard Enterprise Data Protector EXEC_BAR User Name Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within OmniInet.exe which listens by default on TCP port 5555. When...