Search results

  1. Exploiter

    Exploit Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH)

    Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH) # Tested on Windows XP SP3 (x86) # The application requires to have the web server enabled. #!/usr/bin/python import socket, threading, struct host = "192.168.228.155" port = 80 def send_egghunter_request(): # msfvenom -p...
  2. Exploiter

    Exploit Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit)

    Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank =...
  3. Exploiter

    Exploit Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes

    Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1310 (function f(a = (function () { print(a); with ({}); })()) { function g() { f; } })(); When Chakra executes the above code, it...
  4. Exploiter

    Exploit Microsoft Edge Chakra - 'Parser::ParseCatch' Does Not Handle 'eval()' (Denial of Service)

    Microsoft Edge Chakra - 'Parser::ParseCatch' Does Not Handle 'eval()' (Denial of Service) <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1326 In Javascript, the code executed by a direct call to eval shares the caller block's scopes. Chakra handles this from the...
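The eval() scoping rule this entry refers to, shown in working JavaScript as an added example (it is not part of the advisory, the Project Zero report, or Chakra's code, and the function names are this example's own). A catch clause is used because that is the construct `Parser::ParseCatch` handles: a direct eval() must see the catch parameter, an indirect eval() must not, and sloppy-mode `var` declarations inside a direct eval() land in the calling function's scope rather than in the catch block.

```javascript
// Added example, not from the listed advisory or from Chakra: the ECMAScript
// eval() scoping rules an engine's catch-clause parser has to honour.

// A direct call to eval() runs the string on the caller's scope chain, so the
// catch-clause parameter is visible to the evaluated code.
function directEvalSeesCatchParam() {
  try {
    throw new Error("boom");
  } catch (err) {
    return eval("err.message"); // resolves `err` from the catch scope
  }
}

// Calling eval through any other reference (here an alias) is an indirect
// eval: the code runs in the global scope and cannot see `err`.
function indirectEvalDoesNotSeeCatchParam() {
  try {
    throw new Error("boom");
  } catch (err) {
    const globalEval = eval;
    return globalEval("typeof err"); // "undefined": there is no global `err`
  }
}

// In sloppy mode a `var` declared inside a direct eval is hoisted into the
// calling function's variable environment, not into the catch block, so it is
// still visible after the catch clause ends. The function is built with the
// Function constructor so it stays sloppy-mode even if this file is loaded as
// a strict ES module.
const sloppyVarLeaksOutOfCatch = new Function(`
  try {
    throw 0;
  } catch (ignored) {
    eval("var leaked = 42");
  }
  return typeof leaked === "number" ? leaked : -1;
`);

// In strict mode a direct eval gets its own variable environment: the `var`
// is discarded when eval() returns, although the evaluated code can still
// read `err` from the catch scope.
function strictDirectEvalIsolatesVars() {
  "use strict";
  try {
    throw new Error("boom");
  } catch (err) {
    const seen = eval("var isolated = err.message; isolated");
    // typeof on an unresolvable name is the one lookup that does not throw
    return { seen, isolatedVisible: typeof isolated !== "undefined" };
  }
}
```

Run under Node: `directEvalSeesCatchParam()` returns `"boom"`, `indirectEvalDoesNotSeeCatchParam()` returns `"undefined"`, `sloppyVarLeaksOutOfCatch()` returns `42`, and `strictDirectEvalIsolatesVars()` reports that the strict eval read `err` but left no `isolated` binding behind. An engine that resolves a catch parameter's scope without accounting for a direct eval inside the clause gets exactly these cases wrong, which is the class of bug the entry describes.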
  5. Exploiter

    Exploit Microsoft Edge Chakra - 'JavascriptFunction::ReparseAsmJsModule' Incorrectly Re-parses

    Microsoft Edge Chakra - 'JavascriptFunction::ReparseAsmJsModule' Incorrectly Re-parses <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1327 Here's the method used to re-parse asmjs modules. void JavascriptFunction::ReparseAsmJsModule(ScriptFunction** functionRef) {...
  6. Exploiter

    Exploit Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit)

    Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  7. Exploiter

    Exploit Kernel Driver mmap Handler Exploitation

    Kernel Driver mmap Handler Exploitation 42760.pdf
  8. Exploiter

    Exploit Microsoft Edge - Chakra Incorrectly Parses Object Patterns

    Microsoft Edge - Chakra Incorrectly Parses Object Patterns <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1308 When the Chakra's parser meets "{", at first, Chakra treats it as an object literal without distinguishing whether it will be an object literal(i.e., {a...
  9. Exploiter

    Exploit [Turkish] Windows and Linux Privilege Escalation

    [Turkish] Windows and Linux Privilege Escalation 42757.pdf
  10. Exploiter

    Exploit Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading

    Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1309 There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server...
  11. Exploiter

    Exploit Microsoft Edge 38.14393.1066.0 - 'COptionsCollectionCacheItem::GetAt' Out-of-Bounds Read

    Microsoft Edge 38.14393.1066.0 - 'COptionsCollectionCacheItem::GetAt' Out-of-Bounds Read <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1301 There is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The...
  12. Exploiter

    Exploit Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure

    Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1276&desc=2 We have discovered that the nt!NtGdiEngCreatePalette system call discloses large portions of uninitialized kernel stack memory to...
  13. Exploiter

    Exploit Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure

    Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1304 We have discovered that the win32k!NtGdiDoBanding system call discloses portions of uninitialized kernel stack memory to user-mode clients...
  14. Exploiter

    Exploit Microsoft Windows Kernel - 'win32k!NtQueryCompositionSurfaceBinding' Stack Memory Disclosure

    Microsoft Windows Kernel - 'win32k!NtQueryCompositionSurfaceBinding' Stack Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1307 We have discovered that the win32k!NtQueryCompositionSurfaceBinding system call discloses portions of uninitialized kernel...
  15. Exploiter

    Exploit Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath' (Deni...

    Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath' (Denial of Service) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1273 We have encountered a number of Windows kernel crashes in the...
  16. Exploiter

    Exploit Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow' (Denial of ...

    Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow' (Denial of Service) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1274 We have encountered a number of Windows kernel crashes in the...
  17. Exploiter

    Exploit Microsoft Windows Kernel - 'win32k!NtGdiGetFontResourceInfoInternalW' Stack Memory Disclosure

    Microsoft Windows Kernel - 'win32k!NtGdiGetFontResourceInfoInternalW' Stack Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1275 We have discovered that the nt!NtGdiGetFontResourceInfoInternalW system call discloses portions of uninitialized kernel stack...
  18. Exploiter

    Exploit Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure

    Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1267&desc=2 We have discovered that the win32k!NtGdiGetGlyphOutline system call handler may disclose large portions of uninitialized pool memory...
  19. Exploiter

    Exploit Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure

    Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1268 We have discovered that the nt!NtGdiGetPhysicalMonitorDescription system call discloses portions of uninitialized kernel...
  20. Exploiter

    Exploit Microsoft Windows Kernel - 'nt!NtSetIoCompletion / nt!NtRemoveIoCompletion' Pool Memory Disclosure

    Microsoft Windows Kernel - 'nt!NtSetIoCompletion / nt!NtRemoveIoCompletion' Pool Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1269 We have discovered that the nt!NtRemoveIoCompletion system call handler discloses 4 bytes of uninitialized pool memory...
  21. Exploiter

    Exploit Mako Web Server 2.5 - Multiple Vulnerabilities

    Mako Web Server 2.5 - Multiple Vulnerabilities [+] SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391 [+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source...
  22. Exploiter

    Exploit Infinite Automation Mango Automation - Command Injection (Metasploit)

    Infinite Automation Mango Automation - Command Injection (Metasploit) require 'msf/core' class MetasploitModule < Msf::Auxiliary Rank = GreatRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'Infinite Automation...
  23. Exploiter

    Exploit [Hebrew] Digital Whisper Security Magazine #86

    [Hebrew] Digital Whisper Security Magazine #86 42712.pdf
  24. Exploiter

    Exploit Docker Daemon - Unprotected TCP Socket (Metasploit)

    Docker Daemon - Unprotected TCP Socket (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  25. Exploiter

    Exploit Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2)

    Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2) # -*- coding: utf-8 -*- """ Jungo DriverWizard WinDriver Kernel Pool Overflow Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1...