• Stars
    star
    430
  • Rank 101,083 (Top 2 %)
  • Language
  • License
    Other
  • Created about 6 years ago
  • Updated almost 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Named vulnerabilities and their practical impact

Vulnerabilities and Attacks

Have vulnerabilities been used in real world attacks?

Logo Name Year Target Description Real attack? Notes/Sources
Slowloris 2009 HTTP servers Denial of service by keeping connections open Yes Abused by Spammers
- BEAST 2011 TLS 1.0 Attacking implicit IV in CBC mode encryption No -
- CRIME 2012 TLS TLS Compression leaks information No -
BREACH 2013 TLS HTTP compression inside TLS leaks information No -
- TIME 2013 TLS Compression attack with Javascript/TCP sidechannel No -
Heartbleed 2014 OpenSSL Buffer overread leaking server memory Yes Reuters/Canadian tax agency JPMorgan Hack
CCS Injection 2014 OpenSSL State machine confusion via early CCS No -
Shellshock 2014 Bash Remote code execution via variables Yes Cloudflare/Exploits
- Drupalgeddon 2014 Drupal SQL Injection leading to RCE Yes Drupal/Automated attacks after 7h
- POODLE 2014 SSLv3 Padding oracle with downgrade attack No -
- goto fail 2014 Apple iOS Typo in source code disabling TLS certificate verification No -
- GHOST 2015 Glibc Buffer overflow via DNS No -
- FREAK 2015 TLS Downgrade to export ciphers No -
- Superfish 2015 Lenovo laptops Bundled software with shared root certificate No -
- Rowhammer 2015 DRAM Bitflips in RAM modules No -
- Logjam 2015 TLS Weak diffie hellman parameters No* Speculation this may've been exploited by the NSA
- Stagefright 2015 Stagefright/Android Memory corruption in media parsers No -
VENOM 2015 QEMU VM escape No -
DROWN 2016 TLS/SSLv2 Bleichenbacher attack using SSLv2 No -
Badlock 2016 Samba/SMB Various man in the middle attacks No -
- ImageTragick 2016 Imagemagick Remote code execution in image parsers Yes Cloudflare reporting attacks
- HEIST 2016 TLS Compression attack with Javascript/TCP sidechannel No -
Sweet32 2016 TLS/3DES Block collissions in 64 bit block ciphers No -
Dirty COW 2016 Linux Kernel Race condition leading to local root exploit Yes ZDNet/Drupalgeddon2/DirtyCOW attacks TrendMicro/ZNIU Android Malware
KRACK 2017 WPA2 Nonce reuse in wireless encryption No -
DUHK 2017 FortiOS Hardcoded key in FIPS-certified X9.31 RNG No -
ROBOT 2017 TLS Lack of Bleichenbacher attack countermeasures No -
- EternalBlue 2017 Windows/SMBv1 Remote code exection via SMB Yes WaPo/NSA use, WannaCry, NotPetya
- SambaCry 2017 Samba RCE via Samba shares Yes Kaspersky/Honeypot attacks
Meltdown 2018 CPU/OS Speculative execution sidechannel attacking root/user barrier No -
Spectre 2018 CPU/OS Speculative execution sidechannel attacking program flow No -
- Drupalgeddon 2 2018 Drupal Remote code execution Yes ZDNet/Drupalgeddon2/DirtyCOW attacks
EFAIL 2018 OpenPGP/SMIME Exfiltrate decrypted mails with HTML No -
- Bleichenbacher's CAT 2018 TLS Lack of Bleichenbacher attack countermeasures No -

FAQ

What?

I'm wondering how many of the "famous" security vulnerabilities have actually been used in attacks that have been documented, so I made a list.

Couldn't there be unknown attacks?

Obviously this list can only cover attacks that have been publicly documented, particularly targetted attacks or attacks within communities with low transparency.

Still if attacks have been widely used it's reasonable to assume that someone will have documented them.

The table is wrong! Attack X has been used!

Please open an issue or a pull request. I created this repo to learn whether my assumptions are correct.

What counts as a real world attack?

I realize the distinction can be blurry, but it should be an attack that has been carried out without the consent of the owner of the affected system and it should've successfully compromised some security expectation.

Also there should be at least one publicly available description with sufficient detail to make the attack plausible, not just vague rumors.

There's an important attack missing!

Open an issue or a pull request, but I may close it if I believe the attack hasn't received sufficient attention or is a pure marketing stunt.

There's a logo missing!

Likely due to unclear licensing terms. All logos used here are under free licenses.

Copyright

The document and most logos are CC0 / public domain, with some exceptions.

More Repositories

1

snallygaster

Tool to scan for secret files on HTTP servers
Python
2,047
star
2

bashcheck

test script for shellshocker and related vulnerabilities
Shell
653
star
3

php-crashers

Example scripts that cause segfaults in PHP
PHP
448
star
4

meltdownspectre-patches

Summary of the patch status for Meltdown / Spectre
346
star
5

vacdec

Python script to decode the EU Covid-19 vaccine certificate
Python
242
star
6

optionsbleed

Python
145
star
7

tlshelpers

A collection of shell scripts that help handling X.509 certificate and TLS issues
Shell
127
star
8

tls-what-can-go-wrong

TLS - what can go wrong?
100
star
9

smtpsmug

Python
94
star
10

hpkp

HTTP Public Key Pinning (HPKP) pin generation tools
Shell
71
star
11

apache-uaf

Apache use after free bug infos / ASAN stack traces
65
star
12

superfishy

Archive of software and other data involved in the Superfish / Komodia incident
Python
59
star
13

fpmvuln

bash poc scripts to exploit open fpm ports
Shell
58
star
14

lecaa

Check for Let's Encrypt CAA issue
Shell
53
star
15

hackercon

List of Free Software and IT Security related conferences
52
star
16

bignum-fuzz

Code to fuzz bignum libraries
C
46
star
17

selftls

Sample application to let OpenSSL talk to itself (for fuzzing)
C
33
star
18

pgpecosystem

Scripts to parse and analyze pgp key server data
Python
31
star
19

com2txt

com2txt tool (from 1993)
C
30
star
20

zipeinfo

ZIP encryption info
Python
29
star
21

alphasecret

Find PNG files with suspicious data in alpha channel
Shell
28
star
22

ctgrab

Shell
25
star
23

pgpbugs

A history of PGP-related vulnerabilities
21
star
24

mmapfail

Simple shell script to detect bad checks of mmap() return value
C
19
star
25

ed25519hetzner

Script to scan OpenSSH host key and known_hosts files for shared keys from server hoster Hetzner
Shell
19
star
26

pwncloud

proof of concept to backdoor files from owncloud encryption module
Shell
17
star
27

svnscraper

bash script to download publicly available .svn directories
Shell
16
star
28

libfuzzer-examples

examples for libfuzzer
C++
15
star
29

secpw

Secure random passwords in Javascript
HTML
14
star
30

ipmx

Python
13
star
31

badocspcert

Check for certs affected by July 2020 OCSP intermediate incident
Shell
13
star
32

jitsivuln

Check for jitis meet default password vulnerability
Python
12
star
33

primecheck

Check Diffie Hellman group prime parameter
Python
11
star
34

pypi-bad

Bad packages from the pypi repository
Python
9
star
35

httpstime

Setting the system time over HTTPS
Shell
9
star
36

mbox2maildir

Script to convert between mbox and maildir format
Python
9
star
37

webminex

poc exploit for webmin backdoor (CVE-2019-15107 and CVE-2019-15231)
8
star
38

asantoo

Overlay to use Gentoo with Address Sanitizer
Shell
8
star
39

emailprotocols

An overview of E-Mail protocols and data formats
8
star
40

silic

silic - simple link checker written in python
Python
7
star
41

rpter

Parse mails with reports from DMARC and SMTP TLS Reporting
Python
7
star
42

uudeview

Decoder and encoder for Base64 (MIME), uuencoded, xxencoded and Binhex files.
C
7
star
43

rompager-check

Online and offline check tool for the RomPager HTTP server and vulnerable versions
PHP
6
star
44

tmobile-login

Trivial bash script to log into Telekom / T-Mobile wireless lan
Shell
6
star
45

fritzbox-keys

private keys found on AVM Fritz!Box firmware images
5
star
46

pwsec

Simple password generator with no options
Shell
5
star
47

xssgame

PHP
5
star
48

exif2osm

Convert JPEG exif geotags to link on openstreetmap.org
Shell
5
star
49

pwbloom

Simple web index to use bloom filter for Pwned Passwords
Python
4
star
50

htpasswdos

Proof of concept for Apache htpasswd denial of service
PHP
4
star
51

symlinkown

Patch for the Linux Kernel to implement "SymlinksIfOwnerMatches" features
Shell
4
star
52

rdrand-test

Testing the rdrand CPU instruction
C
3
star
53

crimesafe-csrf

Create CSRF tokens secure from compression attacks like CRIME/BREACH/TIME/HEIST
PHP
3
star
54

cbugs

examples for C / C++ bugs caught by various safety tools
C
3
star
55

procdown

Harden access to the /proc filesystem in Linux
Shell
3
star
56

CVE-2020-27603-bbb-libreoffice-poc

Proof of Concept of Libreoffice file exfiltration vulnerability in Big Blue Button
3
star
57

svgx

Shell script chaining various SVG optimization tools
Shell
3
star
58

smtpsend

Command line tool to send mails with authentication
Python
2
star
59

fcrdns

Command line Forward-confirmed reverse DNS (FCrDNS) check written in Python
Python
2
star
60

rosproject-scripts

Scripts to compile ROS packages with compiler sanitizers
Shell
2
star
61

websec-examples

Some trivial examples for web vulnerabilities
PHP
2
star
62

gccweverything

Shell
2
star
63

getacmeaccount

Get account ID and other account info with private key for ACME account
Python
2
star
64

whichmicroarch

Shell script to guess CPU microarchitecture for latest CFLAGS
Shell
1
star
65

wolfoverflow

poc for stack buffer overflow in wolfssl
Shell
1
star
66

squirrelpatches

Patches for Squirrelmail
1
star
67

blocklistmaker

Scripts to create compromised key blocklists for the badkeys tool
1
star
68

ros-sanitizer-logs

Logs from ASAN/UBSAN/TSAN tests of ROS
1
star
69

rbltest

Simple script to query mailserver realtime block lists (RBLs)
Python
1
star
70

sanhash

Normalize and hash ASAN/MSAN crash dumps
Shell
1
star
71

snallygaster-testdata

Test data for the snallygaster tool
1
star
72

fpracer

File permission race proof of concept
Python
1
star
73

thrusql

Docker image to access German emission data from thru.de
Dockerfile
1
star
74

wifiinjection

Collection of Screenshots documenting WiFi Networks injecting content into HTTP pages
1
star
75

getkey

Bruteforce-search private keys in larger files
Python
1
star
76

abusescript

Scripts I've been using to inform owners of hosts affected by security vulnerabilities
Shell
1
star
77

acmereflect

quick and dirty check for ACME API endpoints that reflect content
Shell
1
star
78

sriutil

Python
1
star