macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket
  Date: 2017-12-13 14:59:54 Views: 0 Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1373 SO_FLOW_DIVERT_TOKEN is a socket option on the SOL_SOCKET layer. It's implemented by flow_divert_token_set(struct socket *so, struct sockopt *sopt) in flow_divert.c. The releva
macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriC
  Date: 2017-12-13 14:59:19 Views: 0 Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1375 AppleIntelCapriController::GetLinkConfig trusts a user-supplied value in the structure input which it uses to index a small table of pointers without bounds checking. The OOB-r
macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifeti
  Date: 2017-12-13 14:56:58 Views: 0 Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1377 IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the IOUserClient::clientC
macOS getrusage Stack Leak
  Date: 2017-12-12 16:34:47 Views: 2 Comments: 0
MacOS getrusage stack leak through struct padding CVE-2017-13869 For 64-bit processes, the getrusage() syscall handler converts a `struct rusage` to a `struct user64_rusage` using `munge_user64_rusage()`, then copies the `struct user64_rusage` to use
macOS necp_get_socket_attributes so_pcb Type Confusion
  Date: 2017-12-12 16:33:46 Views: 2 Comments: 0
MacOS so_pcb type confusion in necp_get_socket_attributes CVE-2017-13855 When setsockopt() is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes is invoked. necp_get_socket_attributes() unconditionall
macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kern
  Date: 2017-12-12 16:32:36 Views: 1 Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1372 the kernel libproc API proc_list_uptrs has the following comment in its userspace header: /* * Enumerate potential userspace pointers embedded in kernel data structures. * Cur
MikroTik 6.40.5 ICMP - Denial of Service
  Date: 2017-12-12 16:31:14 Views: 1 Comments: 0
#include stdio.h #include stdlib.h #include netinet/ip_icmp.h #include arpa/inet.h #include unistd.h #include netdb.h #include string.h #include netinet/ip.h #define handle(i) htons(i) #define cicmp 32 #define aicmp() (a_flags cicmp) #define sending_
Apple macOS 10.13.1 (High Sierra) - 'Blank Root' Local Privilege Escalation
  Date: 2017-12-11 17:04:24 Views: 5 Comments: 0
## Source: https://twitter.com/lemiorhan/status/935578694541770752 https://forums.developer.apple.com/thread/79235 Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as root with empty password after clickin
Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalat
  Date: 2017-12-11 17:03:16 Views: 3 Comments: 0
Recently I was working on a security issue in some other software that has yet to be disclosed which created a rather interesting condition. As a non-root user I was able to write to any file on the system that was not SIP-protected but the resultin
LabF nfsAxe FTP Client 3.7 - Buffer Overflow (DEP Bypass)
  Date: 2017-12-11 17:01:35 Views: 2 Comments: 0
#!/usr/bin/env python # # Exploit Title : LabF nfsAxe 3.7 FTP Client (DEP Bypass) # Date : 12/8/2017 # Exploit Author : wetw0rk # Vendor Homepage : http://www.labf.com/nfsaxe/nfs-server.html # Software link : http://www.labf.com/download/nfsaxe.exe #
Linux Kernel - DCCP Socket Use-After-Free
  Date: 2017-12-07 15:09:24 Views: 9 Comments: 0
/* This is an announcement for CVE-2017-8824 which is a use-after-free vulnerability I found in Linux DCCP socket. It can be used to gain kernel code execution from unprivileged processes. You'll find in attachment the proof of concept code and the ke
Claymore Dual ETH + DCR/SC/LBC/PASC GPU Miner - Stack Buffer Overflow / Path Tra
  Date: 2017-12-07 15:06:50 Views: 4 Comments: 0
#!/usr/bin/env python # -*- coding: UTF-8 -*- # github.com/tintinweb # # # optional: pip install pysocks ( https://pypi.python.org/pypi/PySocks ) # # ''' API overview: # nc -L -p 3333 {id:0,jsonrpc:2.0,method:miner_getstat1} {id:0,jsonrpc:2.0,method:
Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path
  Date: 2017-12-07 15:05:38 Views: 5 Comments: 0
/* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1418 Windows Defender: Controlled Folder Bypass through UNC Path Platform: Windows 10 1709 + Antimalware client version 4.12.16299.15 Class: Security Feature Bypass Summary: You can
LaCie 5big Network 2.2.8 - Command Injection
  Date: 2017-12-07 15:04:48 Views: 6 Comments: 0
#!/usr/bin/python # Exploit Title: LaCie 5big Network 2.2.8 Command Injection # Date: 2017-12-04 # Exploit Author: Timo Sablowski # Contact: ${lastname}@tyntec.com # Vendor Homepage: http://www.lacie.com # Software Link: http://www.lacie.com/files/la
Polycom Shell HDX Series Traceroute Command Execution
  Date: 2017-12-06 17:41:47 Views: 5 Comments: 0
### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp def initializ
Microsoft Office Equation Editor Code Execution
  Date: 2017-12-06 17:27:51 Views: 6 Comments: 0
### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpServer include M
Claymore's Dual Miner 10.1 Stack Buffer Overflow
  Date: 2017-12-06 17:27:01 Views: 8 Comments: 0
Author: github.com/tintinweb Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16929 Version: 0.2 Date: Nov 30th, 2017 Tag: claymore dual ethereum decred crypto currency miner Overview Name: Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner Ven
Proxifier for Mac 2.19 - Local root Privilege Escalation
  Date: 2017-12-06 17:25:37 Views: 2 Comments: 0
# With CVE-2017-7643 I disclosed a command injection vulnerability in the KLoader # binary that ships with Proxifier = 2.18. # # Unfortunately 2.19 is also vulnerable to a slightly different attack that # yields the same result. # # When Proxifier is
Hashicorp vagrant-vmware-fusion 4.0.23 - Local root Privilege Escalation
  Date: 2017-12-06 17:15:29 Views: 4 Comments: 0
# A couple of weeks ago I disclosed a local root privesc in Hashicorp's # vagrant-vmware-fusion plugin: # # https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw ... # # The initial patch they released was 4.0.21 which unfortu
Hashicorp vagrant-vmware-fusion 4.0.24 - Local root Privilege Escalation
  Date: 2017-12-06 17:14:42 Views: 3 Comments: 0
# I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. # Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp quickly put out an
CopyRight © 2002-2017 VFocuS.Net All Rights Reserved