DB: 2022-11-10

20 changes to exploits/shellcodes/ghdb

0 new exploits/shellcodes

Too many to list!
Offensive Security 2022-11-10 23:30:40 +00:00
parent 033a8167fc
commit b6e780c138
21 changed files with 31580 additions and 31580 deletions

View file

@ -9,4 +9,4 @@ CVE-2019-2107 - looks scary. Still remember Stagefright and PNG bugs vulns ....
With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly "crafted" video (with tiles enabled - ps_pps->i1_tiles_enabled_flag) you can possibly do RCE. The codec affected is HVEC (a.k.a H.265 and MPEG-H Part 2) With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly "crafted" video (with tiles enabled - ps_pps->i1_tiles_enabled_flag) you can possibly do RCE. The codec affected is HVEC (a.k.a H.265 and MPEG-H Part 2)
POC: POC:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/47157.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47157.zip
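
Review bot: the replacement POC link resolves through a branch name (`/-/raw/main/bin-sploits/47157.zip`), so the archive behind it can change without this file changing. Record a SHA-256 of 47157.zip beside the link, or use a raw URL that names a commit instead of `main`, so a reader can confirm the GitLab copy is the file this entry was written against. The unchanged context line above also spells the codec "HVEC"; the name for H.265 is HEVC.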

View file

@ -11,7 +11,7 @@ This is an alternative (and complete) exploit for CVE-2019-8605. I have only imp
POC: POC:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/47409.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47409.zip
[1] https://gist.github.com/ur0/a9b2d8088479a70665f729c4e9bf8720 [1] https://gist.github.com/ur0/a9b2d8088479a70665f729c4e9bf8720
[2] https://twitter.com/Pwn20wnd/status/1163392040073191426 [2] https://twitter.com/Pwn20wnd/status/1163392040073191426

View file

@ -211,4 +211,4 @@ That leaves numbers 2 and 3, I guess, unless someone has a better idea?
Proof of Concept: Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46745.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46745.zip

View file

@ -290,4 +290,4 @@ Segmentation fault (core dumped)
Proof of Concept: Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46781.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46781.zip

View file

@ -23,4 +23,4 @@ $ /ssd/chrome_trunk/src/out/Tsan/chrome --enable-blink-features=MojoJS
Proof of Concept: Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46565.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46565.zip

View file

@ -28,4 +28,4 @@ The testcase assumes that the domains test0.com - test63.com all resolve to your
Proof of Concept: Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46566.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46566.zip

View file

@ -12,4 +12,4 @@ I've attached a PoC (using the MojoJS bindings) that demonstrates the issue in a
Proof of Concept: Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46570.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46570.zip

View file

@ -48,4 +48,4 @@ $ /ssd/chrome_trunk/src/out/Asan/chrome --enable-blink-features=MojoJS --user-da
Proof of Concept: Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46571.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46571.zip

View file

@ -48,4 +48,4 @@ The gained primitive (obtaining more or less arbitrary entitlements) can then e.
Proof of Concept: Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46648.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46648.zip

View file

@ -45,4 +45,4 @@ Please also note that most of the logic shown above for CObjectElement::FinalCre
Proof of Concept: Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46569.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46569.zip

View file

@ -6,4 +6,4 @@
# CVE : CVE-2019-0808 # CVE : CVE-2019-0808
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46604.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46604.zip
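
Review bot: the changed line is a bare URL sitting directly under the `# CVE : CVE-2019-0808` header, with no `#` prefix and no label saying what 46604.zip contains, while the other entries in this commit introduce their link with "POC:" or "Proof of Concept:". Write it in the same form as the header lines, for example `# PoC : <url>`, so the entry stays consistent and the link's purpose is stated.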

View file

@ -127,4 +127,4 @@ MiniGDIEx!DllUnregisterServer+0x2f95:
--- ---
PoC files: PoC files:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46867.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46867.zip

View file

@ -22,4 +22,4 @@ After this steps we can see next:
I was use msec.dll (!exploitable) is a Windows debugging extension (Windbg) that provides automated crash analysis and security risk assessment [Download msec.dll](https://archive.codeplex.com/?p=msecdbg) I was use msec.dll (!exploitable) is a Windows debugging extension (Windbg) that provides automated crash analysis and security risk assessment [Download msec.dll](https://archive.codeplex.com/?p=msecdbg)
As you can see msec.dll checked this crash and decide that is EXPLOITABLE crash, because SEH chain is corrupted. It is means that attacker can use this vulnerability for remote code execution. As you can see msec.dll checked this crash and decide that is EXPLOITABLE crash, because SEH chain is corrupted. It is means that attacker can use this vulnerability for remote code execution.
EDB Note: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/47454.bsp EDB Note: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47454.bsp

View file

@ -14,4 +14,4 @@ Antivirus signature DAT file version: 1297458144
POC: POC:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46189.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46189.zip

View file

@ -6,4 +6,4 @@ This vulnerability allows low privileged users to hijack file that are owned by
Proof of Concept: Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46683.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46683.zip

View file

@ -32,4 +32,4 @@ The PoC executes ExitProcess inside the hardened process and verifies the return
Proof of Concept: Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46747.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46747.zip

View file

@ -45,7 +45,7 @@ C:\Windows\win.ini has had it's security descriptor rewritten to grant
'Full Control' to the low privileged user. 'Full Control' to the low privileged user.
PoC files: PoC files:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/47389.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47389.zip
References: References:
https://github.com/sgabe/CVE-2019-1253 https://github.com/sgabe/CVE-2019-1253

View file

@ -9,8 +9,8 @@ EternalBlue exploit for Windows 7/2008 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten) The exploit might FAIL and CRASH a target system (depended on what is overwritten)
EDB Note: Shellcode EDB Note: Shellcode
- x64 ~ https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/42030.asm - x64 ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42030.asm
- x86 ~ https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/42031.asm - x86 ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42031.asm
Tested on: Tested on:
- Windows 7 SP1 x64 - Windows 7 SP1 x64

View file

@ -15,7 +15,7 @@ Open aaaaa.ml via affected notepad++
POC files: POC files:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/47393.zip https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47393.zip
Result: Result:

View file

@ -10,8 +10,8 @@ The exploit might FAIL and CRASH a target system (depended on what is overwritte
The exploit support only x64 target The exploit support only x64 target
EDB Note: Shellcode EDB Note: Shellcode
- x64 ~ https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/42030.asm - x64 ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42030.asm
- x86 ~ https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/42031.asm - x86 ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42031.asm
Tested on: Tested on:
- Windows 2012 R2 x64 - Windows 2012 R2 x64
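
Review bot: the context line "The exploit support only x64 target" contradicts the `- x86 ~ .../42031.asm` shellcode line that this hunk keeps and re-points. Either drop the x86 link from this entry or add a sentence saying why it is listed. The same pair of links (42030.asm, 42031.asm) is also edited in the earlier hunk headed "EternalBlue exploit for Windows 7/2008 by sleepya", so every host move has to be repeated in both files; say in one of them that the shellcode is shared.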

File diff suppressed because it is too large
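
Review bot: almost none of this commit can be reviewed from the page, because the 20 visible files account for only 22 of the 31580 changed lines and the rest sit in the one suppressed file. The commit message ("20 changes to exploits/shellcodes/ghdb", "Too many to list!") also does not say that the binary-sploits links move from github.com/offensive-security/exploit-database-bin-sploits to gitlab.com/exploit-database/exploitdb-bin-sploits. State the host move in the message, and put the bulk rewrite of the large file in its own commit so the link edits can be checked line by line.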