NGINX Plus and NGINX Open Source have a heap overflow vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the "rewrite" directive with a query string is followed (in the same location) by the "if" or "set" directive with an unnamed Perl-Compatible Regular Expression (PCRE) capture. An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. This module will first check if the endpoint given in the ENDPOINT parameter is present. If no parameter is provided, the module will use "/api" as the default value. Then it will send a HTTP request to the endpoint to cause the DoS and try to determine if the attack was successful.
This module exploits an authentication bypass vulnerability combined and a buffer overflow in Cisco Secure ASA to cause a denial of service effect. First, the module will check if the target is vulnerable to the authentication bypass. If the target is vulnerable, it will proceed to cause the denial of service.
A memory corruption vulnerability in the Windows IPv6 stack allows remote Denial of Service via maliciously crafted IPv6 Fragment Header packets. Exploitation requires no authentication or user interaction. Attackers need only send specially designed packets to vulnerable hosts. Impacts all Windows versions with IPv6 enabled (default since Windows 10). This exploit performs the following steps: Obtains the data needed to launch the attack, such as local device ID and target MAC address. sets the IPv6 headers. Builds specially crafted packets affecting the IPv6 stack (tcpip.sys driver) Sends packets to the target causing a denial of service. Check if the remote machine is down due to Blue Screen of Death (BSOD)
This module triggers a denial-of-service flaw in the Windows Local Session Manager (LSM). It was found to exist in Windows 11 but not in Windows 10. The vulnerability allows an authenticated, low-privileged user to crash the LSM service by making a simple Remote Procedure Call (RPC) to the RpcGetSessionIds function. The impact of this vulnerability is significant, as a crash of the LSM service can prevent users from logging in or out and affects services that depend on LSM, such as Remote Desktop Protocol (RDP) and Microsoft Defender. The vulnerability can be exploited remotely by an authenticated user with low privileges, especially on a domain controller.
This module triggers a memory corruption vulnerability in the Event Log Service by sending a malformed packet. It can be used by a remote attacker to stop recording events of important software so will left no traces. For example, if an attacker installs an agent on a domain-joined workstation. He can remotely stop the domain controller's Event Log service.
Subscribe to Denial of Service