CVE-2018-16509

This Metasploit module exploits a -dSAFER bypass in Ghostscript (CVE-2018-16509) by manipulating PostScript commands to execute arbitrary commands. It supports multiple targets including Unix, PowerShell, and Linux droppers.

This repository provides a working proof-of-concept for CVE-2018-16509, exploiting a Ghostscript vulnerability via PIL/Pillow to achieve remote command execution. The exploit leverages a crafted EPS file to bypass -dSAFER restrictions in Ghostscript versions before 9.24.

This repository demonstrates a Ghostscript -dSAFER sandbox bypass vulnerability (CVE-2018-16509) via a PHP script that processes image uploads using Imagick, which relies on Ghostscript. The exploit leverages improper handling of PostScript files to bypass security restrictions.

This repository contains a working exploit for CVE-2018-16509, a privilege escalation vulnerability in Ghostscript. The exploit leverages incorrect restoration of privilege checks during handling of /invalidaccess exceptions to execute arbitrary code via the 'pipe' instruction.

The repository contains a minimal PHP script demonstrating image resizing via Imagick, but lacks exploit-specific code for CVE-2018-16509. The README references a Docker container management tool without providing exploit details.

This Metasploit module exploits a -dSAFER bypass in Ghostscript (CVE-2018-16509) by manipulating a failed restore in PostScript to disable LockSafetyParams and execute arbitrary commands. It supports multiple targets including Unix, PowerShell, and Linux dropper payloads.