CHT Vulnerability Database
Records covering vulnerabilities or templates for various systems such as WordPress, Windows, PHP and Linux.
15,047 topics in this section
# Exploit Title: ASPRunner Professional v6.0.766 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-30 # Vendor Homepage: http://www.xlinesoft.com/asprunnerpro # Software Link : http://www.xlinesoft.com/asprunnerpro # Tested Version: v6.0.766 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run AspRunnerPro.exe # 2.- copy content AspRunnerPro_Crash.txt or 180 "A" to clipboard (result from this python script) # 3.- Go to Wizard "Create a new project" - in "Project name:" field paste the result (180 "A" or more) # 4.- Click in Next button and you will see a cr…
#!/usr/bin/python # Exploit Title: R i386 3.5.0 - Local Buffer Overflow (SEH) # Date: 30/01/2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: https://www.r-project.org/ # Version: 3.5.0 # Software Link: https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Version: 3.5.0 # Tested on: Windows XP Prof SP3 ENG x86 # Note: SEH exploitation method (SEH + DEP Bypass exploit for Windows 7 x86 by Bzyo available on exploit-db) # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # PoC: # 1.) Generate exploit.txt, copy …
#!/usr/bin/python # Exploit Title: UltraISO 9.7.1.3519 - Local Buffer Overflow (SEH) # Date: 30/01/2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: https://www.ultraiso.com/ # Version: 9.7.1.3519 # Software Link: https://www.ultraiso.com/download.html # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested on: Windows XP Prof SP3 ENG x86 # CVE: TBC from Mitre # Thanks to Francisco Ramirez for the original Windows 10 x64 DOS. # Created in preparation for OSCE - DC - Telspace Systems # PoC: # 1.) Generate exploit.txt, copy the content to clipboard # 2.) In the application, click "Make CD/DVD Image" #…
# Exploit Title: Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC) # Discovery by: Luis Martinez # Discovery Date: 2019-01-30 # Vendor Homepage: https://www.ks-soft.net # Software Link : https://www.ks-soft.net/download/hm1190.exe # Tested Version: 11.90 Beta # Vulnerability Type: Denial of Service (DoS) Local # Tested on OS: Windows 10 Pro x64 es # Steps to Produce the Crash: # 1.- Run python code : python Advanced_Host_Monitor_11.90_Beta.py # 2.- Open Advanced_Host_Monitor_11.90_Beta.txt and copy content to clipboard # 3.- Open HostMonitor # 4.- Help -> License... # 5.- Register Now # 6.- Name (Organization): -> l4m5 # 7.- Paste Cl…
# Exploit Title: Necrosoft DIG v0.4 - Denial of Service (PoC) SEH overwritten Crash PoC # Discovery by: Rafael Pedrero # Discovery Date: 2005-01-10 # Vendor Homepage: http://www.nscan.org/?index=dns # Software Link : http://www.nscan.org/?index=dns # Tested Version: 0.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run Necrosoft DIG v0.4 (dig.exe) # 2.- copy content DIG_Crash.txt to clipboard (result from this python script) # 3.- Paste the content into the field: 'Target' # 4.- Click 'TCP lookup' button and you will see a crash. ''' SEH chain of thread 000003CC Address SE handler …
#!/usr/bin/python # Exploit Title: AnyBurn x86 - Denial of Service (DoS) # Date: 30-01-2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: http://www.anyburn.com/ # Version: 4.3 (32-bit) # Software Link : http://www.anyburn.com/anyburn_setup.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested Version: 4.3 (32-bit) # Tested on: Windows XP SP3 ENG x86 # Note: The other exploitation field in Anyburn was discovered by Achilles # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # DOS PoC: # 1.) Generate exploit.txt, copy the contents to clipboard # 2.) In the application…
# Exploit Title: a-Mac Address Change v5.4 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-30 # Vendor Homepage: http://amac.paqtool.com/ # Software Link : http://amac.paqtool.com/ # Tested Version: 5.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run amac.exe # 2.- copy content amac_Crash.txt or 212 "A" to clipboard (result from this python script) # 3.- Go to Register - Amac Register Form and paste the result in all fields: "Your Name", "Your Company", "Register Code" # 4.- Click in Register button and you will see a crash. #!/usr/bin/env python c…
# Exploit Title: LanHelper v1.74 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-31 # Vendor Homepage: http://www.hainsoft.com/ # Software Link : http://www.hainsoft.com/ # Tested Version: 1.74 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run LanHelper.exe # 2.- copy content LanHelper_Crash.txt or 6000 "A" to clipboard (result from this python script) # 3.- Go to "NT-Utilities" - "Form Send Message" - Tab "Message" - "Add" - "Add target" and paste the result from this python script # 4.- Paste the result from this python script in "Message text:", sam…
/* XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might be able to exploit double-reads in the destination process. This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, if the filesystem mutates the file contents (e.g. because the ftruncate() syscall was used), the filesystem must inform the memory management subsystem so that affected pages can be deduplicated. If this doesn…
# Exploit Title: PassFab Excel Password Recovery SEH Local Exploit # Date: 31.01.19 # Vendor Homepage: https://www.passfab.com/products/excel-password-recovery.html # Software Link: https://www.passfab.com/downloads/passfab-excel-password-recovery.exe # Exploit Author: Achilles # Tested Version: 8.3.1 # Tested on: Windows XP SP3 # 1.- Run python code : PassFab_RAR # 2.- Open EVIL.txt and copy content to clipboard # 3.- Open PassFab RAR Password Recovery # 4.- In the new Window click on the key in the upper right corner # 5.- Paste the content of EVIL.txt into the Field: 'Licensed E-mail and Registration Code' # 6.- Click 'Register' and the calculator will open # 7.- Gree…
# Exploit Title: FlexHEX v2.46 - Denial of Service (PoC) and SEH overwritten Crash PoC # Discovery by: Rafael Pedrero # Discovery Date: 2018-12-20 # Vendor Homepage: http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 # Software Link : http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 # Tested Version: 2.46 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run FlexHEX.exe # 2.- Go to Menu "Stream" - "New Stream" and copy content of FlexHEX_SEH_Crash.txt to clipboard # 3.- Paste the content into the field: 'Stream Name:' # 4.- Click 'OK' button and you will see a crash. ''' L…
/* It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and backboardd on iOS. You can talk to it from the app sandbox on iOS. It uses an IOMIGMachPortCache to translate between ports on which messages were received and CF objects on which actions should be performed. There is insufficient checking that the types are correct; so far as I can tell all the io_hideventsystem_* methods apart from io_hideventsystem_open expect to be called on a "connection" port, but that's not enforced. Specifically, the service port is put in the cache mapped to an IOHID…