Search results

  1. Exploiter

    Exploit WebKit JSC - 'ArgumentsEliminationPhase::transform' Incorrect LoadVarargs Handling

    WebKit JSC - 'ArgumentsEliminationPhase::transform' Incorrect LoadVarargs Handling <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1262 Here is a snippet of ArgumentsEliminationPhase::transform case LoadVarargs: ... if (candidate->op() ==...
  2. Exploiter

    Exploit WebKit JSC - 'ObjectPatternNode::appendEntry' Stack Use-After-Free

    WebKit JSC - 'ObjectPatternNode::appendEntry' Stack Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1256 Here's a snippet of ObjectPatternNode::appendEntry. void appendEntry(const JSTokenLocation&, ExpressionNode* propertyExpression, DestructuringPatternNode*...
  3. Exploiter

    Exploit WebKit JSC - 'arrayProtoFuncSplice' Uninitialized Memory Reference

    WebKit JSC - 'arrayProtoFuncSplice' Uninitialized Memory Reference <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1234 Here's a snippet of arrayProtoFuncSplice. EncodedJSValue JSC_HOST_CALL arrayProtoFuncSplice(ExecState* exec) { ... result =...
  4. Exploiter

    Exploit Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)

    Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'expect' class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking...
  5. Exploiter

    Exploit Tableau - XML External Entity

    Tableau - XML External Entity # Exploit Title: Tableau XXE # Google Dork: N/A # Date: Reported to vendor July 2019, fix released August 2019. # Exploit Author: Jarad Kopf # Vendor Homepage: https://www.tableau.com/ # Software Link: Tableau Desktop downloads...
  6. Exploiter

    Exploit VICIdial 2.9 RC 1 < 2.13 RC1 - 'user_authorization' Command Execution (Metasploit)

    VICIdial 2.9 RC 1 < 2.13 RC1 - 'user_authorization' Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  7. Exploiter

    Exploit WebKit JSC - 'DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry)' Incorrect Scope Register Handling

    WebKit JSC - 'DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry)' Incorrect Scope Register Handling <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1234 Here's a snippet of DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry). void...
  8. Exploiter

    Exploit Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass

    Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Windows: SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Platform: Windows 10 1903, 1809 (not tested earlier) Class: Security Feature Bypass Summary: The NTFS driver supports a new FS control code to...
  9. Exploiter

    Exploit Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)

    Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core/exploit/local/windows_kernel' require 'rex' require 'metasm' class...
  10. Exploiter

    Exploit IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit)

    IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit) ## ## This module requires Metasploit: https://metasploit.com/download ## Current source: https://github.com/rapid7/metasploit-framework ### class MetasploitModule < Msf::Exploit::Remote include...
  11. Exploiter

    Exploit WebKit - 'WebCore::InputType::element' Use-After-Free (1)

    WebKit - 'WebCore::InputType::element' Use-After-Free (1) <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1244 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  12. Exploiter

    Exploit WebKit - 'WebCore::RenderObject' with Accessibility Enabled Use-After-Free

    WebKit - 'WebCore::RenderObject' with Accessibility Enabled Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1246 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. Note that...
  13. Exploiter

    Exploit WebKit - 'WebCore::Node::getFlag' Use-After-Free

    WebKit - 'WebCore::Node::getFlag' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1243 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC (note that you might need to refresh a...
  14. Exploiter

    Exploit WebKit - 'WebCore::getCachedWrapper' Use-After-Free

    WebKit - 'WebCore::getCachedWrapper' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1242 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  15. Exploiter

    Exploit WebKit - 'WebCore::Node::nextSibling' Use-After-Free

    WebKit - 'WebCore::Node::nextSibling' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1241 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  16. Exploiter

    Exploit WebKit - 'WebCore::RenderSearchField::addSearchResult' Heap Buffer Overflow

    WebKit - 'WebCore::RenderSearchField::addSearchResult' Heap Buffer Overflow <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1250 There is a heap buffer overflow in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC...
  17. Exploiter

    Exploit Kimai 2 - Persistent Cross-Site Scripting

    Kimai 2 - Persistent Cross-Site Scripting # Exploit Title: Kimai 2- persistent cross-site scripting (XSS) # Date: 07/15/2019 # Exploit Author: osamaalaa # Vendor Homepage: [link] # Software Link: https://github.com/kevinpapst/kimai2 # Fixed on Github ...
  18. Exploiter

    Exploit WebKit - 'WebCore::AccessibilityNodeObject::textUnderElement' Use-After-Free

    WebKit - 'WebCore::AccessibilityNodeObject::textUnderElement' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1249 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. Note that...
  19. Exploiter

    Exploit WebKit - 'WebCore::AccessibilityRenderObject::handleAriaExpandedChanged' Use-After-Free

    WebKit - 'WebCore::AccessibilityRenderObject::handleAriaExpandedChanged' Use-After-Free <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1245 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly...
  20. Exploiter

    Exploit Adobe Acrobat Reader DC for Windows - free() of Uninitialized Pointer due to Malformed JBIG2Globals Stream

    Adobe Acrobat Reader DC for Windows - free() of Uninitialized Pointer due to Malformed JBIG2Globals Stream We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- (4970.179c): Access...
  21. Exploiter

    Exploit Adobe Acrobat Reader DC for Windows - Double Free due to Malformed JP2 Stream

    Adobe Acrobat Reader DC for Windows - Double Free due to Malformed JP2 Stream We have observed the following crash in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- ======================================= VERIFIER STOP 00000007: pid...
  22. Exploiter

    Exploit EyesOfNetwork 5.1 - Authenticated Remote Command Execution

    EyesOfNetwork 5.1 - Authenticated Remote Command Execution # Exploit Title: EyesOfNetwork 5.1 - Authenticated Remote Command Execution # Google Dork: N/A # Date: 2019-08-14 # Exploit Author: Nassim Asrir # Vendor Homepage: https://www.eyesofnetwork.com/ # Software Link...
  23. Exploiter

    Exploit Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow in CoolType.dll

    Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow in CoolType.dll We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- (3fb8.2ac4): Access violation - code c0000005...
  24. Exploiter

    Exploit Adobe Acrobat Reader DC for Windows - Heap-Based Memory Corruption due to Malformed TTF Font

    Adobe Acrobat Reader DC for Windows - Heap-Based Memory Corruption due to Malformed TTF Font We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- (4c84.1e3c): Access violation -...
  25. Exploiter

    Exploit Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream

    Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- (2728.1fa8): Access violation -...