Skip to content

Security exploits#2

Merged
s0 merged 61 commits intogithub:masterfrom
kevinbackhouse:SecurityExploits
Nov 15, 2019
Merged

Security exploits#2
s0 merged 61 commits intogithub:masterfrom
kevinbackhouse:SecurityExploits

Conversation

@kevinbackhouse
Copy link
Copy Markdown
Contributor

@kevinbackhouse kevinbackhouse commented Nov 15, 2019

Merge https://github.com/Semmle/SecurityExploits into the new security-lab repo.

kevinbackhouse and others added 30 commits May 30, 2018 12:38
@kevinbackhouse
Add README file.
e24a72f
@kevinbackhouse
Exploit PoC for CVE-2017-13782 (DTrace).
b9af6d3
@m-y-mo
Merge pull request #1 from kev/Apple_dtrace
8de9dde 
Exploit PoC for CVE-2017-13782 (DTrace).
@kevinbackhouse
Exploit PoC for librelp/rsyslog CVE-2018-1000140.
b03bd56
@m-y-mo
Merge pull request #2 from kev/rsyslog_snprintf
61d4d30 
Exploit PoC for rsyslog snprintf vulnerability (CVE-2018-1000140)
@kevinbackhouse
Add Apache License 2.0 and copyright notice.
109bb35
Merge pull request #3 from kev/License
728fe17 
Add Apache License 2.0 and copyright notice.
@kevinbackhouse
Add note about the sudo password.
ac43b45
@kevinbackhouse
Exploit PoC for Apple XNU packet-mangler (CVE-2017-13904, CVE-2018-4249
abedc4d 
…).
@kevinbackhouse
No need to duplicate the instructions from the blog.
680ea18
Merge pull request #4 from kev/rsyslog_snprintf
a93b1f7 
Simplify the README by linking to the blog post
Merge pull request #5 from kev/Apple_XNU_packet_mangler_CVE-2017-13904
77d338a 
Exploit PoC for Apple XNU packet-mangler
@kevinbackhouse
Proof-of-concept exploit for CVE-2017-0141.
bb55317
@m-y-mo
Merge pull request #6 from kev/ChakraCore_CVE-2017-0141
4b6a3b8 
Proof-of-concept exploit for CVE-2017-0141
@kevinbackhouse
Exploit PoC for Apache Struts (CVE-2018-11776).
2469250
@kevinbackhouse
Fix typo in IP address.
b19f4f9
@kevinbackhouse
Proof-of-concept exploit for CVE-2018-5388.
26cf2fb
@kevinbackhouse
Change the setup so that the attacker user doesn't have sudo privileges.
0d7ff9f
@m-y-mo
Merge pull request #9 from kev/strongSwan_CVE-2018-5388
0e1683b 
Proof-of-concept exploit for CVE-2018-5388.
@kevinbackhouse
Update PoC for Mojave
25cf1b9
@kevinbackhouse
Add instructions for popping a calculator.
20e2d3d
@kevinbackhouse
Update security team name.
bae3846
@sj
Merge pull request #14 from kev/TeamName
e227e21 
Update security team name.
@kevinbackhouse
Exploit PoC for buffer overflow vulnerability in Mac OS NFS client (C…
f50cb65 
…VE-2018-4259).
@kevinbackhouse
Exploit PoC for buffer overflow in icmp_error (CVE-2018-4407).
20174b2
@kevinbackhouse
Update README.
b96b1cb
@sj
mention that it was found by Kev
4059532
@s0
Merge pull request #1 from sjvs/master
c42c0a7 
Update team name, add some more exploits
@kevinbackhouse
Enable popping a calculator from inside docker.
152a870
Merge pull request #8 from kev/Struts_CVE-2018-11776
fe5d5e3 
Exploit PoC for Apache Struts (CVE-2018-11776).
Sam and others added 26 commits November 23, 2018 08:58
Merge pull request #15 from kev/Apple_XNU_icmp_error
b2233d3 
Exploit PoC for buffer overflow in icmp_error (CVE-2018-4407).
@altmas5
CVE-2018-4407 PoC docs: Advice to use linux capabilities instead of …
394cabf 
…running with full root privileges
@sj
Merge pull request #3 from RULCSoft/master
e04254a 
CVE-2018-4407 PoC docs: Advice to use linux capabilities instead of running with full root privileges
@kevinbackhouse
Exploit PoC for command injection vulnerability in CImg.
56c28b2
@kevinbackhouse
Add PoC for CVE-2018-4460.
363fc68
@kevinbackhouse
Add link to commit that fixed the vulnerability.
39c57ae
Merge pull request #17 from kev/CImg
aa62c2b 
Exploit PoC for command injection vulnerability in CImg.
Merge pull request #18 from kev/Apple_XNU_packet_mangler_v2
7a1c227 
Apple xnu packet mangler v2
@s0
Merge remote-tracking branch 'github/master'
830f51c
@kevinbackhouse
Exploit PoC for SPARQL injection in VIVO.
b443c70
@kevinbackhouse
CVE-2019-6986
6fa2d46
@s0
Merge pull request #2 from kevinbackhouse/StrutsREADME
c408848 
Update README
@s0
Merge pull request #4 from kevinbackhouse/Vitro
2431308 
Exploit PoC for SPARQL injection in VIVO
@kevinbackhouse
Make LICENSE, COPYRIGHT, CONTRIBUTING.md, and CODE_OF_CONDUCT.md cons…
fe68678 
…istent with other Semmle repositories.
@sj
Merge pull request #6 from kevinbackhouse/LICENSE
30912a6 
Update license
@kevinbackhouse
Exploit PoC for path traversal vulnerability in Ansible (CVE-2019-3828).
88adec0
@sj
Merge pull request #8 from kevinbackhouse/Ansible_CVE-2019-3828
e41bb3a 
Exploit PoC for path traversal vulnerability in Ansible (CVE-2019-3828).
@kevinbackhouse
Add PoC for CVE-2019-3560 (Facebook Fizz).
b7ff6b2
@s0
Merge pull request #9 from kevinbackhouse/FacebookFizzDOS
536decb 
PoC for CVE-2019-3560 (Facebook Fizz)
@kevinbackhouse
Exploit PoC for out-of-bounds read in libssh2 version 1.8.2.
7984853
@kevinbackhouse
This vulnerability has now been assigned CVE-2019-13115.
c8dca9d
@s0
Merge pull request #10 from kevinbackhouse/libssh2
4460484 
Exploit PoC for out-of-bounds read in libssh2 version 1.8.2
@kevinbackhouse
Exploit PoC for Ubuntu Apport CVE-2019-7307.
f82de0c
@s0
Merge pull request #11 from kevinbackhouse/Apport_TOCTOU_get_ignore_dom_
06942d6 
CVE-2019-7307

Exploit PoC for Ubuntu Apport CVE-2019-7307
@kevinbackhouse
Move files into sub-directory
95c0bcc
@kevinbackhouse
Merge branch 'master' into SecurityExploits
c2d4357
@s0 s0 merged commit f08b051 into github:master Nov 15, 2019
@kevinbackhouse kevinbackhouse deleted the SecurityExploits branch November 19, 2019 10:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@s0 s0 s0 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@kevinbackhouse @s0 @m-y-mo @sj @altmas5