DHCP Exhaustion Script: DHCPig

DHCP Exhaustion Script DHCPig initiates an advanced DHCP exhaustion attack. It will consume all IPs on the LAN, stop new users from obtaining IPs, release any IPs in use, then for good measure send gratuitous ARP and knock all windows hosts offline. It requires scapy =2.1 library and admin...

Zookeeper 3.5.2 - Denial of Service Exploit

Exploit for linux platform in category dos / poc !/usr/bin/python Exploit Title: Zookeeper Client Denial Of Service Port 2181 Date: 2/7/2017 Exploit Author: Brandon Dennis Email: email protected Software Link: http://zookeeper.apache.org/releases.htmldownload Zookeeper Version: 3.5.2 Tested on:...

Dump and Analyze .Net Applications Memory: MemoScope.Net

Dump and Analyze .Net Applications Memory MemoScope.Net is a tool to analyze .Net process memory: it can dump an application’s memory in a file and read it later. The dump file contains all data objects and threads state, stack, call stack. MemoScope.Net will analyze the data and help you to find...

VMware Player Code Execution And Privilege Escalation Vulnerabilities (VMSA-2012-0015) - Windows

VMware Player is prone to code execution and privilege escalation vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Samsung Note Denial of Service Vulnerability (CNVD-2017-00581)

Samsung Note is a smartphone released by the South Korean company Samsung Samsung. A security vulnerability exists in Samsung Note devices that stems from the program's failure to limit the number of active VR service threads. An attacker could cause a system crash by creating a large number of...

CVE-2017-5351

Samsung Note devices with KK4.4, L5.0/5.1, and M6.0 software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650...

Code injection

Samsung Note devices with KK4.4, L5.0/5.1, and M6.0 software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650...

CVE-2017-5351

Samsung Note devices with KK4.4, L5.0/5.1, and M6.0 software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650...

CVE-2017-5351

Samsung Note devices with KK4.4, L5.0/5.1, and M6.0 software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650...

Windows Server 2008 R2 domain controller crashes when two threads use the same LDAP connection

Windows Server 2008 R2 domain controller crashes when two threads use the same LDAP connection Summary This update fixes an access violation on the LSASS.exe process. This issue occurs because the Lightweight Directory Access Protocol LDAP connection is disconnected and reset from another thread...

kedus.org XSS vulnerability

Vulnerable URL: http://www.kedus.org/threads-detail.php?page=317=54=32'"--!...

HatDBG - Minimal WIN32 Debugger in Powershell

The HatDBG is A pure Powershell win32 debugging abstraction class. The goal of this project is to make a powershell debugger. It is intended to be used during internal penetration tests and red team engagements. This is exclusively for educational purposes. The debugger objects implementing a...

Polycom Command Shell Authorization Bypass

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Polycom Command Shell Authorization Bypass', 'Alias' = 'pshauthbypass', 'Author' = 'Paul Haas ', module 'h00die ',...

Multi Gigabit Packet Capturing: PFQ

PFQ is a functional networking framework designed for the Linux operating system that allows efficient packets capture/transmission 10G and beyond, in-kernel functional processing and packets steering across sockets/end-points. PFQ is highly optimized for multi-core architecture, as well as for...

Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=782 AppleGraphicsDeviceControlClient doesn't check that its pointer to its IOService at this+0xd8 is non-null before using it in all external methods. We can set this pointer to NU...

Remote Vulnerability Testing Framework: Pocsuite

Pocsuite is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration testers and security researchers. Requirements Python 2.6...

Generate TCP/UDP Outbound Traffic On Multiple Ports

This module generates TCP or UDP traffic across a sequence of ports, and is useful for finding firewall holes and egress filtering. It only generates traffic on the port range you specify. It is up to you to run a responder or packet capture tool on a remote endpoint to determine which ports are...

CVE-2016-2428

libAACdec/src/aacdecdrc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service stack memory corruption via...

Apple Mac OSX - Kernel AppleKeyStore Use-After-Free

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=710 The AppleKeyStore userclient uses an IOCommandGate to serialize access to its userclient methods, however by racing two threads, one of which closes the userclient which frees...

Oracle Linux 7 : 389-ds-base (ELSA-2016-0204)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-0204 advisory. - Resolves: bug 1299757 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS Tenable has extracted the preceding...