157 matches found
Linux/x86 - Egg-hunter Shellcode (13 bytes)
/ Title: Egg Hunter PoC Platform: linux/x86 Date: 2015-01-07 Author: Dennis 'dhn' Herrmann Website: https://zer0-day.pw Github: https://github.com/dhn/SLAE/ SLAE-721 / / egghunter.nasm --------------- BITS 32 global start section .text EGGSIG equ 0x4f904790 ; signature start: cdq ; zero out edx m...
Linux x86 - Egg-hunter 13 bytes
Linux x86 - Egg-hunter 13 bytes. Shellcode exploit for lin_x86 platform / Title: Egg Hunter PoC Platform: linux/x86 Date: 2015-01-07 Author: Dennis 'dhn' Herrmann Website: https://zer0-day.pw Github: https://github.com/dhn/SLAE/ SLAE-721 / / egghunter.nasm --------------- BITS 32 global start...
linux/x86-64 - Encoded execve shellcode
/ Compile with: gcc -fno-stack-protector -z execstack This execve shellcode is encoded with 0xff and is for 64 bit linux. shell: file format elf64-x86-64 Disassembly of section .text: 0000000000400080 : 400080: 48 b9 ff ff ff ff ff movabs rcx,0xffffffffffffffff 400087: ff ff ff 40008a: 49 b8 ae b...
TestDisk 6.14 Check_OS2MB Stack Buffer Overflow Vulnerability
This document details a stack based buffer overflow vulnerability within TestDisk version 6.14. A buffer overflow is triggered within the software when a malicious disk image is attempted to be recovered. This may be leveraged by an attacker to crash TestDisk and gain control of program execution...
musl: arbitrary code execution
A stack-based buffer overflow has been found in musl libc's ipv6 address literal parsing code. Programs which call the inet_pton or getaddrinfo function with AF_INET6 or AF_UNSPEC and untrusted address strings are affected. Successful exploitation yields control of the return address. Having enabled...
Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (30 bytes). Shellcode exploit for Linux_x86 platform / Title : Obfuscated execve /bin/sh 30 bytes Date : 3rd July 2013 Author : Russell Willis System : Linux/x86 SMP Debian 3.2.41-2 i686 To build: gcc -fno-stack-protector -z execstack -o shellcode...
Linux/x86 - Bind TCP Shell Shellcode (112 bytes)
Linux/x86 - Bind TCP Shell Shellcode (112 bytes). Shellcode exploit for Linux_x86 platform / Title : Obfuscated tcp bind shell 112 bytes Date : 3 July 2013 Author : Russell Willis System : Linux/x86 SMP Debian 3.2.41-2 i686 To build: gcc -fno-stack-protector -z execstack shellcode.c -o shellcode...
CVE-2013-3951
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the...
Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes)
Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes). Shellcode exploit for Linux_x86 platform / Mutated Reboot Shellcode - C Language - Linux/x86 Copyright (C) 2013 Geyslan G. Bem, Hacking bits http://hackingbits.com This program is free software: you can redistribute it...
Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes). Shellcode exploit for Linux_x86 platform / Tiny Shell Bind TCP Random Port Shellcode - C Language Linux/x86 Written in 2013 by Geyslan G. Bem, Hacking bits http://hackingbits.com This source is licensed...
CVE-2011-2685
Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file...
CVE-2010-2542
Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy...
CVE-2010-1850
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name...
CVE-2010-1853
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links...
Fedora 11 : kernel-2.6.30.9-96.fc11 (2009-11032)
Tue Nov 3 2009 Kyle McMartin 2.6.30.9-96 - fs/pipe.c: fix NULL pointer dereference CVE-2009-3547 - Sun Oct 25 2009 Chuck Ebbert 2.6.30.9-95 - Disable the stack protector on functions that don't have onstack arrays. - Thu Oct 22 2009 Chuck Ebbert 2.6.30.9-94 - Fix overflow in KVM cpuid code...
CVE-2009-3569
Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side stack overflow exploit." NOTE: as of 20091005, this disclosure has no actionable...