This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Exploit Title: Nagios Core qh_help Denial of Service | |
# Date: 2018-07-09 | |
# Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
# Vendor Homepage: https://www.nagios.org/ | |
# Software Link: https://www.nagios.org/downloads/nagios-core/ | |
# Version: 4.4.1 and earlier | |
# Tested on: 4.4.1 | |
# CVE : CVE-2018-13441 | |
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Exploit Title: Nagios Core qh_core Denial of Service | |
# Date: 2018-07-09 | |
# Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
# Vendor Homepage: https://www.nagios.org/ | |
# Software Link: https://www.nagios.org/downloads/nagios-core/ | |
# Version: 4.4.1 and earlier | |
# Tested on: 4.4.1 | |
# CVE : CVE-2018-13458 | |
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Exploit Title: Nagios Core qh_echo Denial of Service | |
# Date: 2018-07-09 | |
# Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
# Vendor Homepage: https://www.nagios.org/ | |
# Software Link: https://www.nagios.org/downloads/nagios-core/ | |
# Version: 4.4.1 and earlier | |
# Tested on: 4.4.1 | |
# CVE : CVE-2018-13457 | |
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ 0.000000] Linux version 4.15.0-29-generic (buildd@lcy01-amd64-024) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10)) #31~16.04.1-Ubuntu SMP Wed Jul 18 08:54:04 UTC 2018 (Ubuntu 4.15.0-29.31~16.04.1-generic 4.15.18) | |
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-4.15.0-29-generic root=UUID=698582a6-55a9-44bf-b937-26bede2bff48 ro find_preseed=/preseed.cfg auto noprompt priority=critical locale=en_US quiet | |
[ 0.000000] KERNEL supported cpus: | |
[ 0.000000] Intel GenuineIntel | |
[ 0.000000] AMD AuthenticAMD | |
[ 0.000000] Centaur CentaurHauls | |
[ 0.000000] Disabled fast string operations | |
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' | |
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' | |
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Exploit Title: ntpq and ntpdc 4.2.8p11 Local Buffer Overflow | |
# Date: 2018-06-06 | |
# Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
# Vendor Homepage: http://www.ntp.org/ | |
# Software Link: http://www.ntp.org/downloads.html | |
# Version: 4.2.8p11 and earlier | |
# Tested on: 4.2.8p11 | |
# CVE : CVE-2018-12327 | |
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows a local attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Exploit Title: Redis-cli Buffer Overflow | |
# Date: 2018-06-13 | |
# Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
# Vendor Homepage: https://redis.io/ | |
# Software Link: https://redis.io/download | |
# Version: 5.0, 4.0, 3.2 | |
# Fixed on: 5.0, 4.0, 3.2 | |
# CVE : CVE-2018-12326 | |
Buffer overflow in redis-cli of Redis version 3.2, 4.0, and 5.0 allows a local attacker to achieve code execution and escalate to higher privileges via a long string in the hostname parameter. |
OlderNewer