Initial commit

Author: rcvalle

.github/workflows/build.yml

@@ -0,0 +1,60 @@
+name: build
+
+on:
+  push:
+    branches: main
+
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v1
+
+      - name: Build
+        run: |
+          touch -a README.md
+          rm README.md
+          bundle install
+          bundle exec jekyll build
+          cp _site/README.md README.md
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v1
+
+      - name: Commit
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "Ramon de C Valle"
+          git add -A
+          git commit -m "Auto commit changes" || true
+          git push origin main
+
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    name: Deploy
+    needs: build
+
+    permissions:
+      id-token: write
+      pages: write
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v1

.gitignore

@@ -0,0 +1,6 @@
+.bundle
+.jekyll-cache
+.sass-cache
+Gemfile.lock
+_site
+vendor

.ruby-version

@@ -0,0 +1 @@
+3.3

Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gem 'jekyll'

_data/exploits.yml

@@ -0,0 +1,243 @@
+---
+- description: The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4,
+    does not initialize all function pointers for socket operations in proto_ops structures,
+    which allows local users to trigger a NULL pointer dereference and gain privileges
+    by using mmap to map page zero, placing arbitrary code on this page, and then
+    invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage
+    function) on a PF_PPPOX socket.
+  filename: linux-sendpage3.tar.gz
+  name: Linux sock_sendpage() NULL Pointer Dereference Exploit for Linux POWER/PowerPC
+    x86 (3)
+  published: 2009-09-10 00:00:00.000000000 Z
+  resources:
+  - name: View on LWN.net
+    url: https://lwn.net/Articles/349999/
+  updated:
+  url: https://github.com/risesecurity/exploits/raw/HEAD/linux-sendpage3.tar.gz
+  vulnerabilities:
+  - CVE-2009-2692
+- description: The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4,
+    does not initialize all function pointers for socket operations in proto_ops structures,
+    which allows local users to trigger a NULL pointer dereference and gain privileges
+    by using mmap to map page zero, placing arbitrary code on this page, and then
+    invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage
+    function) on a PF_PPPOX socket.
+  filename: linux-sendpage2.tar.gz
+  name: Linux sock_sendpage() NULL Pointer Dereference Exploit for Linux POWER/PowerPC
+    x86 (2)
+  published: 2009-09-07 00:00:00.000000000 Z
+  resources:
+  - name: View on LWN.net
+    url: https://lwn.net/Articles/349999/
+  updated:
+  url: https://github.com/risesecurity/exploits/raw/HEAD/linux-sendpage2.tar.gz
+  vulnerabilities:
+  - CVE-2009-2692
+- description: The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4,
+    does not initialize all function pointers for socket operations in proto_ops structures,
+    which allows local users to trigger a NULL pointer dereference and gain privileges
+    by using mmap to map page zero, placing arbitrary code on this page, and then
+    invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage
+    function) on a PF_PPPOX socket.
+  filename: linux-sendpage.c
+  name: Linux sock_sendpage() NULL Pointer Dereference Exploit for Linux POWER/PowerPC
+    x86
+  published: 2009-08-31 00:00:00.000000000 Z
+  resources:
+  - name: View on LWN.net
+    url: https://lwn.net/Articles/349999/
+  updated:
+  url: https://github.com/risesecurity/exploits/raw/HEAD/linux-sendpage.c
+  vulnerabilities:
+  - CVE-2009-2692
+- description: Stack-based buffer overflow in the _tt_internal_realpath function in
+    the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10,
+    and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf,
+    allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII
+    string to remote procedure 15.
+  filename: rpc_ttdbserverd_realpath.rb
+  name: ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)
+  published: 2009-06-23 03:49:25.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/rpc_ttdbserverd_realpath.rb
+  vulnerabilities:
+  - CVE-2009-2727
+- description: Multiple heap-based buffer overflows in the NDR parsing in smbd in
+    Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code
+    via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d),
+    (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount
+    (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2
+    (lsa_io_trans_names).
+  filename: lsa_transnames_heap_linux.rb
+  name: Samba lsa_io_trans_names Heap Overflow (Linux)
+  published: 2008-10-19 21:03:39.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/lsa_transnames_heap_linux.rb
+  vulnerabilities:
+  - CVE-2007-2446
+- description: Stack-based buffer overflow in the adm_build_path function in sadmind
+    in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute
+    arbitrary code via a crafted request.
+  filename: sadmind_adm_build_path.rb
+  name: Sun Solaris sadmind adm_build_path() Buffer Overflow
+  published: 2008-10-14 14:22:34.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/sadmind_adm_build_path.rb
+  vulnerabilities:
+  - CVE-2008-4556
+- description: Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53
+    through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers
+    to execute arbitrary code via (1) a long service attach request on TCP port 3050
+    to the (a) SVC_attach or (b) INET_connect function, (2) a long create request
+    on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function,
+    (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f)
+    PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database
+    or (5) expand_filename2 function.
+  filename: ib_inet_connect.rb
+  name: Borland InterBase INET_connect() Buffer Overflow
+  published: 2007-10-04 03:03:13.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/ib_inet_connect.rb
+  vulnerabilities:
+  - CVE-2007-5243
+- description: This module exploits a stack buffer overflow in Borland InterBase by
+    sending a specially crafted create request.
+  filename: ib_jrd8_create_database.rb
+  name: Borland InterBase jrd8_create_database() Buffer Overflow
+  published: 2007-10-04 03:03:13.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/ib_jrd8_create_database.rb
+  vulnerabilities:
+  - CVE-2007-5243
+- description: Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through
+    8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote
+    attackers to execute arbitrary code via a long attach request on TCP port 3050
+    to the open_marker_file function.
+  filename: ib_open_marker_file.rb
+  name: Borland InterBase open_marker_file() Buffer Overflow
+  published: 2007-10-04 03:03:13.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/ib_open_marker_file.rb
+  vulnerabilities:
+  - CVE-2007-5244
+- description: This module exploits a stack buffer overflow in Borland InterBase by
+    sending a specially crafted attach request.
+  filename: ib_pwd_db_aliased.rb
+  name: Borland InterBase PWD_db_aliased() Buffer Overflow
+  published: 2007-10-04 03:03:13.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/ib_pwd_db_aliased.rb
+  vulnerabilities:
+  - CVE-2007-5243
+- description: This module exploits a stack buffer overflow in Borland InterBase by
+    sending a specially crafted create request.
+  filename: fb_isc_attach_database.rb
+  name: Firebird Relational Database isc_attach_database() Buffer Overflow
+  published: 2007-10-04 03:03:13.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/fb_isc_attach_database.rb
+  vulnerabilities:
+  - CVE-2007-5243
+- description: This module exploits a stack buffer overflow in Borland InterBase by
+    sending a specially crafted create request.
+  filename: fb_isc_create_database.rb
+  name: Firebird Relational Database isc_create_database() Buffer Overflow
+  published: 2007-10-04 03:03:13.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/fb_isc_create_database.rb
+  vulnerabilities:
+  - CVE-2007-5243
+- description: This module exploits a stack buffer overflow in Borland InterBase by
+    sending a specially crafted service attach request.
+  filename: fb_svc_attach.rb
+  name: Firebird Relational Database SVC_attach() Buffer Overflow
+  published: 2007-10-04 03:03:13.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/fb_svc_attach.rb
+  vulnerabilities:
+  - CVE-2007-5243
+- description: This module exploits a stack buffer overflow in Borland InterBase by
+    sending a specially crafted attach request.
+  filename: ib_isc_attach_database.rb
+  name: Borland InterBase isc_attach_database() Buffer Overflow
+  published: 2007-10-04 03:03:13.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/ib_isc_attach_database.rb
+  vulnerabilities:
+  - CVE-2007-5243
+- description: This module exploits a stack buffer overflow in Borland InterBase by
+    sending a specially crafted create request.
+  filename: ib_isc_create_database.rb
+  name: Borland InterBase isc_create_database() Buffer Overflow
+  published: 2007-10-04 03:03:13.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/ib_isc_create_database.rb
+  vulnerabilities:
+  - CVE-2007-5243
+- description: This module exploits a stack buffer overflow in Borland InterBase by
+    sending a specially crafted service attach request.
+  filename: ib_svc_attach.rb
+  name: Borland InterBase SVC_attach() Buffer Overflow
+  published: 2007-10-04 03:03:13.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/ib_svc_attach.rb
+  vulnerabilities:
+  - CVE-2007-5243
+- description: This module triggers a heap overflow in the LSA RPC service of the
+    Samba daemon. This module uses the TALLOC chunk overwrite method (credit Ramon
+    and Adriano), which only works with Samba versions 3.0.21-3.0.24. Additionally,
+    this module will not work when the Samba "log level" parameter is higher than
+    "2".
+  filename: lsa_transnames_heap_solaris.rb
+  name: Samba lsa_io_trans_names Heap Overflow (Solaris)
+  published: 2007-07-08 04:11:53.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/lsa_transnames_heap_solaris.rb
+  vulnerabilities:
+  - CVE-2007-2446
+- description: This module triggers a heap overflow in the LSA RPC service of the
+    Samba daemon. This module uses the szone_free() to overwrite the size() or free()
+    pointer in initial_malloc_zones structure.
+  filename: lsa_transnames_heap_osx.rb
+  name: Samba lsa_io_trans_names Heap Overflow (OSX)
+  published: 2007-07-05 01:41:39.000000000 Z
+  updated: 2020-10-02 16:38:06.000000000 Z
+  url: https://github.com/risesecurity/exploits/raw/HEAD/lsa_transnames_heap_osx.rb
+  vulnerabilities:
+  - CVE-2007-2446
+- description: Buffer overflow in the Strcmp function in the XKEYBOARD extension in
+    X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris
+    8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment
+    variable value.
+  filename: sco-x86-xkb.c
+  name: X11R6 XKEYBOARD Extension Strcmp() Stack-based Buffer Overflow Exploit for
+    SCO UnixWare 7.1.3 x86
+  published: 2006-09-07 00:00:00.000000000 Z
+  updated:
+  url: https://github.com/risesecurity/exploits/raw/HEAD/sco-x86-xkb.c
+  vulnerabilities:
+  - CVE-2006-4655
+- description: Buffer overflow in the Strcmp function in the XKEYBOARD extension in
+    X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris
+    8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment
+    variable value.
+  filename: sol-sparc-xkb.c
+  name: X11R6 XKEYBOARD Extension Strcmp() Stack-based Buffer Overflow Exploit for
+    Solaris 8 9 10 SPARC
+  published: 2006-09-07 00:00:00.000000000 Z
+  updated:
+  url: https://github.com/risesecurity/exploits/raw/HEAD/sol-sparc-xkb.c
+  vulnerabilities:
+  - CVE-2006-4655
+- description: Buffer overflow in the Strcmp function in the XKEYBOARD extension in
+    X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris
+    8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment
+    variable value.
+  filename: sol-x86-xkb.c
+  name: X11R6 XKEYBOARD Extension Strcmp() Stack-based Buffer Overflow Exploit for
+    Solaris 8 9 10 x86
+  published: 2006-09-07 00:00:00.000000000 Z
+  updated:
+  url: https://github.com/risesecurity/exploits/raw/HEAD/sol-x86-xkb.c
+  vulnerabilities:
+  - CVE-2006-4655