CVE to PoC – CVE-2017-0037

CVE-2017-0037 Internet Explorer “Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.” The PoC The …

CVE to PoC – CVE-2016-0450

CVE-2016-0450 Oracle GoldenGate “This vulnerability allows remote attackers to cause a denial condition on vulnerable installations of Oracle GoldenGate. Authentication is not required to exploit this vulnerability.” The Product “Oracle GoldenGate is a comprehensive software package for real-time data integration and replication in heterogeneous IT environments. The product set enables high availability solutions, real-time data …

How to solve a simple CrackMe

Crackmes: 4N006135 level-2 The “4N006135” by borismilner contains a total of four x86 binaries, each of them with an increasing level of difficulty. Level-0 and Level-1 are pretty straightforward, while Level-2 and Level-3 took me a bit more time and the Intel Software Developer’s Manual at hand. In this post I’ll focus on (some aspects of) Level-2 …

Exploit-Exercises – Fusion Level01

exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues. In this post I’m going to explain how I solved level01 of Fusion, a pretty simple …

VMware Unified Access Gateway and Horizon View (CVE-2017-4907)

There is a heap-based buffer overflow vulnerability which affects VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4). This issue may be exploited remotely to execute code on the security gateway. VMware Unified Access Gateway 2.9 is not affected. This issue has been …

Commvault Edge (CVE-2017-3195)

Affected software: Commvault Edge 11 SP6 A stack based buffer overflow in the Commvault Edge Communication Service (cvd) allows remote attackers to execute arbitrary code via crafted packets, exploiting weaknesses in the key exchange mechanism. Access to TCP port 8400 (by default) on the target machine is necessary to exploit this vulnerability. An unauthenticated remote …

Exploit-Exercises – Fusion Level02

The description from exploit-exercises: This level deals with some basic obfuscation / math stuff. This level introduces non-executable memory and return into libc / .text / return orientated programming (ROP). Let’s have a look at the source code: The vulnerability here is clear: user input of arbitrary size is copied into a local buffer of fixed …

CVE to PoC – CVE-2015-6946

Software: Borland AccuRev In this writeup, I will explain how I wrote a Proof of Concept exploit for CVE-2015-6946: “Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile …