279 matches found
Android (zygote->init;) Chain from USB Privilege Escalation Exploit
Exploit for Android platform in category local exploits After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 Android ID 80436257, CVE-2018-9445, I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I discovered a...
Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)
include include include include using namespace std; / Title: WoW64Egghunter for Windows 10 32bit apps on 64bit Windows 10 Size: 50 bytes Date: 26/08/2018 Author: n30m1nd - https://www.exploit-db.com/author/?a=8766 Works in: 32 bit processes on a 64 bit Windows 10 OS How to: Compile under Visual...
kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash
A null pointer dereference in dccpwritexmit function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls...
Amazon Linux AMI : kernel (ALAS-2018-971)
Out-of-bounds write via userland offsets in ebtentry struct in netfilter/ebtables.c : A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. CVE-2018-1068 C Tenable...
Linux Kernel - BadIRET Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits CVE-2014-9322 PoC for Linux kernel CVE-2014-9322 a.k.a BadIRET proof of concept for Linux kernel. This PoC uses only syscalls not any libraries, like pthread. Threads are implemented using raw Linux syscalls. Raw Linux Threads via System Calls...
Shellen - Interactive Shellcoding Environment, In Which You Can Easily Craft Your Shellcodes
Shellen is an interactive shellcoding environment. If you want a handy tool to write shellcodes, then shellen may be your friend. Also, it can be used just as assembly/disassembly tool. It uses keystone and capstone engines for all provided operations. Shellen works only on python3. Maybe it will...
Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes)
BITS 64 ; Author Mr.Un1k0d3r - RingZer0 Team ; Read /etc/passwd Linux x8664 Shellcode ; Shellcode size 82 bytes global start section .text start: jmp pushfilename readfile: ; syscall open file pop rdi ; pop path value ; NULL byte fix xor byte rdi + 11, 0x41 xor rax, rax add al, 2 xor rsi, rsi ; s...
Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms
Apple XNU Kernel - Memory Corruption due to Integer Overflow in offsetof Usage in posixspawn on 32-bit Platforms posixspawn is a complex syscall which takes a lot of arguments from userspace. The third argument is a pointer to a further arguments descriptor in userspace with the following structu...
Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation
/ disablemapminadd.c / / / include include include include include include include / offsets might differ, kernel was custom compiled you can read vmlinux and caculate the offset when testing / / define OFFSETKERNELBASE 0x000000 / define MMAPMINADDR 0x1101de8 define DACMMAPMINADDR 0xe8e810 / get...
Unsupervised Coverage-Guided Kernel Fuzzer: syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuchsia, netbsd and windows are supported to varying degrees. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it’s being extended to support other ...
Amazon Linux AMI : kernel (ALAS-2017-901)
A buffer overflow was discovered in tpacketrcv function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory outside of a...
Medium: kernel
Issue Overview: A buffer overflow was discovered in tpacketrcv function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory...
CVE-2017-14497
A buffer overflow was discovered in tpacketrcv function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory outside of a...
CVE-2017-14489
The iscsiifrx function in 'drivers/scsi/scsitransportiscsi.c' in the Linux kernel from v2.6.24-rc1 through 4.13.2 allows local users to cause a denial of service a system panic by making a number of certain syscalls by leveraging incorrect length validation in the kernel code...
USN-3406-1: Linux kernel vulnerabilities
It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash or expose sensitive information. CVE-2016-7914 It was discovered that a NULL pointer dereferenc...
Linux/x86_64 - Fork Bomb Shellcode (11 bytes)
Linux/x8664 - Fork Bomb Shellcode 11 bytes. Shellcode exploit for Linx86-64 platform / ;Title: Linux/x8664 - fork Bomb 11 bytes ;Author: Touhid M.Shaikh ;Contact: https://twitter.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x8664 ;Description: WARNING! this shellcode may crash your...
Code injection
In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated...
Oracle Linux 7 : openssh (ELSA-2017-2029)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2029 advisory. 7.4p1-11 + 0.10.3-1 - Compiler warnings 1341754 7.4p1-10 + 0.10.3-1 - Add missing messages in FIPS mode 1341754 7.4p1-9 + 0.10.3-1 - Allow harmless...
openssh security, bug fix, and enhancement update
7.4p1-11 + 0.10.3-1 - Compiler warnings 1341754 7.4p1-10 + 0.10.3-1 - Add missing messages in FIPS mode 1341754 7.4p1-9 + 0.10.3-1 - Allow harmless syscalls for s390 crypto modules 1451809 7.4p1-8 + 0.10.3-1 - Fix multilib issue in documentation 1450361 7.4p1-6 + 0.10.3-1 - ControlPath too long...
kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
Incorrect error handling in the setmempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...