This program is a proof-of-concept exploit for CVE-2017-1084, a vulnerability in the FreeBSD kernel. It uses a technique called 'stack clash' to overwrite the stack guard page and gain access to the kernel stack. The exploit works by allocating memory pages in a loop until the kernel stack is reached. It then uses a function called 'smash_no_jump' to overwrite the stack guard page. Finally, it prints out the contents of the kernel stack to demonstrate that it has been successfully overwritten.
This program is a proof-of-concept exploit for CVE-2017-1000366 and CVE-2017-1000371, which are buffer overflow vulnerabilities in the Linux dynamic linker. The exploit works by overwriting the GOT entry of the dynamic linker with a pointer to shellcode, which is then executed when the dynamic linker is called. The exploit is tested on various versions of Ubuntu and Debian.
This exploit is proof-of-concept code for CVE-2017-1000366 and CVE-2017-1000379, which are privilege escalation vulnerabilities in Linux. The exploit uses a constructor function to execute setuid() and setgid() system calls to gain root privileges, followed by a dup2() system call to redirect standard input, output, and error to the terminal, and finally an execve() system call to execute a shell.
This exploit is proof-of-concept code for CVE-2017-1000366 and CVE-2017-1000370, which are privilege escalation vulnerabilities in the Linux kernel. The exploit uses a shared library to inject code into the Linux dynamic linker, which is then used to execute a setuid shell. The exploit is written in C and uses assembly code to execute the setuid shell.
This C program is used to exploit the buffer overflow vulnerability in Linux systems. It reads the /proc/self/maps file and then checks for the presence of the binary specified in the argument. If the binary is present, it analyzes the mappings and sets the appropriate variables. It then checks for the presence of the heap, stack, vdso, vsyscall, vvar, brk, exec, argv, and envp and sets the corresponding variables.
This program is vulnerable to a stack-based buffer overflow. The vulnerability is caused by the lack of proper bounds checking when copying user-supplied data into a fixed-length stack-based buffer. An attacker can exploit this vulnerability by supplying a maliciously crafted argument to the program, which will cause the program to write data beyond the bounds of the buffer, resulting in a segmentation fault.
OpenBSD_at.c is vulnerable to a buffer overflow due to improper bounds checking of user-supplied input. This vulnerability can be exploited by an attacker to execute arbitrary code on the vulnerable system.
Solaris_rsh.c is a program that exploits a buffer overflow vulnerability in Oracle Solaris 11.1, 11.2, and 11.3. The vulnerability is caused by improper bounds checking of user-supplied input when handling the -l option. An attacker can exploit this vulnerability to execute arbitrary code with root privileges.
Multiple vulnerabilities were found in the Kaspersky Anti-Virus for Linux File Server [2] Web Management Console. It is possible for a remote attacker to abuse these vulnerabilities and gain command execution as root.
EFS Web Server 7.2 allows unauthorized users to upload malicious files by exploiting a vulnerability in the upload form. The form can be found at http://target_host/disk_c/vfolders. The form contains a hidden input field with the name “upload_author” and value “Admin”. By changing the value of this field, an attacker can upload malicious files to the server.