| Field | Value |
|---|---|
| Real Name | ryujin |
| Email address | private |
| Website | www.offensive-security.com |
| First Active | 2008-01-09 |
| Last Active | 2015-05-21 |
Microsoft Windows versions 8.0 and 8.1 on x64 TrackPopupMenu privilege escalation exploit that leverages the vulnerability documented in MS14-058.
Symantec Endpoint Protection versions 11.x and 12.x suffer from a kernel pool overflow vulnerability.
This Metasploit module exploits a flaw in the AfdJoinLeaf function of the afd.sys driver to overwrite data in kernel space. An address within the HalDispatchTable is overwritten and, when triggered with a call to NtQueryIntervalProfile, will execute shellcode. This Metasploit module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process before restoring its own token to avoid causing system instability.
MS11-080 privilege escalation exploit that leverages the fact that afd.sys does not properly validate user-mode input passed to kernel-mode.
This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index to be used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.
Mozilla Firefox Integer Overflow: Mozilla Firefox Array.reduceRight() integer overflow exploit. James Besmertnuk has reported that this vulnerability is still present in Firefox version 9.0.1.
This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead to arbitrary code execution. It appears that Microsoft's code inadvertently increments a vtable pointer so that it points to an unaligned address within the vtable's function pointers. This leads to the program counter being set to the address found at "[vtable+0x30+1]". The particular address depends on the exact version of the mshtml library in use, so some versions may not be exploitable: specifically, those where the resulting program counter value lands within another module, in kernel space, or at an address that cannot be reached with various memory spraying techniques. Also, since the address is not controllable, it is unlikely that ROP can be used to bypass non-executable memory protections.
This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead to arbitrary code execution.
Microsoft Internet Explorer versions 6, 7 and 8 memory corruption exploit.
Avast! version 4.7 aavmker4.sys local privilege escalation vulnerability.
PHP version 6.0 Dev str_transliterate() buffer overflow exploit with NX + ASLR bypass.
Novell eDirectory version 8.8 SP5 iConsole buffer overflow exploit. Written in Python.
HP Power Manager Administration universal buffer overflow exploit. Written in Python.
Apple iTunes version 8.1.1.10 itms/itcp buffer overflow exploit for Microsoft Windows.
FreeSSHD version 1.2.1 post authentication remote SEH overflow exploit that spawns a shell on port 4444.
VLC version 0.8.6d double shell universal exploit that binds a shell to port 4444.
BigAnt Server version 2.2 pre-auth remote SEH overflow exploit for Windows 2000 SP4 English that binds a shell to port 6080.
NetWin Surgemail version 3.8k4-4 IMAP post-auth remote LIST universal exploit that binds a shell to port 4444.
MDaemon IMAP server version 9.6.4 FETCH command remote buffer overflow universal exploit that binds a shell to port 4444.
MailEnable SMTP server VRFY/EXPN command buffer overflow denial of service exploit.
Microsoft DirectX SAMI file parsing remote stack overflow exploit that binds a shell to port 4444.