18 posts in 'CVE'

Bitcoin Remote Dos CVE 2018

CVE 2020. 9. 6. 17:39

blog.saika.kr/2018/09/cve-2018-17144-bitcoin-core-dos-critical-inflation-vulnerability/

 

CVE-2018-17144: Bitcoin Core DoS, Critical Inflation Vulnerability – Saika Blog – Seo Minkyo's blog

CVE-2018-17144: Bitcoin Core DoS, Critical Inflation Vulnerability by Seo Minkyo · Published 2018-09-24 · Updated 2019-04-02 Intro https://medium.com/@awemany/600-microseconds-b70f87b0b2a6 (the original post is here) CVE-2018-17144, which occurred in Bitcoin Core, …

blog.saika.kr

 

 

Other posts in the 'CVE' category

SMB Ghost vulnerability analysis (KISA)  (0) 2020.10.14
CVE-2020-1472 vulnerability analysis post (see path)  (0) 2020.10.08
Word press plugin 0day  (0) 2020.09.06
POODLE Attack  (0) 2020.08.09
CVE-2020-0796-RCE-POC  (0) 2020.07.14

wtdsoul

Word press plugin 0day

CVE 2020. 9. 6. 17:14

github.com/w4fz5uck5/wp-file-manager-0day

 

w4fz5uck5/wp-file-manager-0day

wp-file-manager 6.7 (Aug 2020) Wordpress Plugin 0day - Remote Code Execution - w4fz5uck5/wp-file-manager-0day

github.com

 

 

 


POODLE Attack

CVE 2020. 8. 9. 19:15

https://twoicefish-secu.tistory.com/116

 

POODLE (CVE-2014-3566) Vulnerability Analysis Report

POODLE ATTACK POODLE stands for padding oracle on downgraded legacy encryption. Google It is an attack that downgrades SSL3.0 to TLS3.0 and guesses the ciphertext. The attack takes place over SSL3.0. This proto..

twoicefish-secu.tistory.com

https://blog.trendmicro.com/trendlabs-security-intelligence/poodle-vulnerability-puts-online-transactions-at-risk/

 

POODLE Vulnerability Puts Online Transactions At Risk - TrendLabs Security Intelligence Blog

Earlier today, Google researchers Bodo Möller, Thai Duong, and Krzysztof Kotowicz released a paper discussing a serious bug in SSL 3.0 that allows attackers to conduct man-in-the-middle attacks and decrypt the traffic between Web servers and end users. F

blog.trendmicro.com

 

 

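POODLE ATTACK
POODLE stands for padding oracle on downgraded legacy encryption. Google
It is an attack that downgrades SSL3.0 to TLS3.0 and guesses the ciphertext.
The attack takes place over SSL3.0. This protocol is old and insecure. The problem is that attackers can decrypt the authentication cookies used by websites.
To trigger the vulnerability, attackers must follow the steps below.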

 

 


CVE-2020-0796-RCE-POC

CVE 2020. 7. 14. 17:43

CVE-2020-0796-RCE-POC-master.zip
2.39MB

https://packetstormsecurity.com/files/download/158054/CVE-2020-0796-RCE-POC-master.zip

 

Download: SMBleed / SMBGhost Pre-Authentication Remote Code Execution Proof Of Concept ≈ Packet Storm

© 2020 Packet Storm. All rights reserved.

packetstormsecurity.com

 

SMBleed / SMBGhost Pre-Authentication Remote Code Execution Proof Of Concept

 


For later reference

 


https://knight.sc/reverse%20engineering/2019/10/31/macos-catalina-privilege-escalation.html

 

CVE-2019-8805 - A macOS Catalina privilege escalation

With the release of macOS Catalina in October, Apple rolled out a set of interesting new features collectively called System Extensions. System Extensions are a set of user space frameworks encouraging developers who currently maintain and ship kernel exte

knight.sc

 

The Vulnerability

The privilege escalation vulnerability actually exists within endpointsecurityd and the SystemExtensions.framework it depends on. All of the communication above, between daemons, takes place using a low-level system IPC mechanism called XPC. The SystemExtensions.framework provides an OSSystemExtensionPointListener class used by endpointsecurityd to listen for the XPC activation requests sysextd sends. When the endpointsecurityd daemon starts up it does the following:

 

 

Apple’s Patch

With the release of macOS 10.15.1, Apple has patched this vulnerability. If we disassemble and reconstruct the code for [OSSystemExtensionPointListener listener:shouldAcceptNewConnection:] we can see the changes that they applied:

 

 

 


CVE-2019-2890

CVE 2019. 12. 10. 15:51

 

https://github.com/SukaraLin/CVE-2019-2890

 

SukaraLin/CVE-2019-2890

Contribute to SukaraLin/CVE-2019-2890 development by creating an account on GitHub.

github.com

 

 

 


WhatsApp exploit poc

CVE 2019. 11. 21. 17:29

https://github.com/dorkerdevil/CVE-2019-11932?fbclid=IwAR3IodTITl0MXG58s2mekvTgeTV9-C3slkbxo2VhuQuVaf8zmlRkBYjj6RQ

 

dorkerdevil/CVE-2019-11932

double-free bug in WhatsApp exploit poc. Contribute to dorkerdevil/CVE-2019-11932 development by creating an account on GitHub.

github.com

 

double-free bug in WhatsApp exploit poc.

#Note: make sure to set the listener ip in exploit.c in order to get shell

nc -lvp 5555 or whatever port.

and then compile.

gcc -o exploit egif_lib.c exploit.c

then run ./exploit and save the content to .gif

and send to victim.

#Source https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/.

#Poc_Video https://drive.google.com/file/d/1T-v5XG8yQuiPojeMpOAG6UGr2TYpocIj/view.

I don't own this; if you have issues, please contact the owner.


Android Camera Apps

CVE 2019. 11. 21. 15:41

https://securityaffairs.co/wordpress/94089/hacking/cve-2019-2234-android-camera-apps-flaws.html?fbclid=IwAR0tjThpkEnxEgEum9RVgqoz41egBSwBneoMb9BtnjhbH1LoKMEhPFcmPyI

 

CVE-2019-2234 flaws in Android Camera Apps exposed millions of users surveillance

Experts found multiple flaws (CVE-2019-2234) in the Android camera apps provided by Google and Samsung that could allow attackers to spy on users. Cybersecurity experts from Checkmarx discovered multiple vulnerabilities in the Android camera apps provided

securityaffairs.co

 

Below the video PoC of the attack:

 

https://youtu.be/XJAMJOVoVyw

 

The researchers reported the flaws to Google in early July and the company confirmed that a security patch addressing them was released in the same month. Samsung also confirmed that it had addressed the issue.

“This type of research activity is part of the Checkmarx Security Research Team’s ongoing efforts to drive the necessary changes in software security practices among vendors that manufacture consumer-based smartphones and IoT devices, while bringing more security awareness amid the consumers who purchase and use them. Protecting privacy of consumers must be a priority for all of us in today’s increasingly connected world”
