Search results

  1. Exploiter

    Exploit FreeBSD - 'setrlimit' Stack Clash (PoC)

    FreeBSD - 'setrlimit' Stack Clash (PoC) /* * FreeBSD_CVE-2017-1085.c * Copyright (C) 2017 Qualys, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either...
  2. Exploiter

    Exploit Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability

    Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability <!-- VULNERABILITY DETAILS void PresentationAvailabilityState::UpdateAvailability( const KURL& url, mojom::blink::ScreenAvailability availability) { [...] {...
  3. Exploiter

    Exploit How to Exploit ETERNALBLUE on Windows Server 2012 R2

    How to Exploit ETERNALBLUE on Windows Server 2012 R2 42280.pdf
  4. Exploiter

    Exploit Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)

    Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  5. Exploiter

    Exploit FreeBSD - 'FGPU' Stack Clash (PoC)

    FreeBSD - 'FGPU' Stack Clash (PoC) /* * FreeBSD_CVE-2017-FGPU.c for CVE-2017-1084 (please compile with -O0) * Copyright (C) 2017 Qualys, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by *...
  6. Exploiter

    Exploit FreeBSD - 'FGPE' Stack Clash (PoC)

    FreeBSD - 'FGPE' Stack Clash (PoC) /* * FreeBSD_CVE-2017-FGPE.c for CVE-2017-1084 (please compile with -O0) * Copyright (C) 2017 Qualys, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by *...
  7. Exploiter

    Exploit Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Es...

    Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation /* * Linux_ldso_hwcap_64.c for CVE-2017-1000366, CVE-2017-1000379 * Copyright (C) 2017 Qualys, Inc. * * my_important_hwcaps() adapted...
  8. Exploiter

    Exploit Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation

    Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation /* * Linux_ldso_dynamic.c for CVE-2017-1000366, CVE-2017-1000371 * Copyright (C) 2017 Qualys, Inc. * * This program is free software: you can redistribute it...
  9. Exploiter

    Exploit macOS iMessage - Heap Overflow when Deserializing

    macOS iMessage - Heap Overflow when Deserializing There is a heap overflow in [NSURL initWithCoder:] that can be reached via iMessage and likely other paths. When an NSURL is deserialized, one property its plist can contain is NS.minimalBookmarkData, which is then used as a parameter for...
  10. Exploiter

    Exploit NetBSD - 'Stack Clash' (PoC)

    NetBSD - 'Stack Clash' (PoC) /* * NetBSD_CVE-2017-1000375.c (please compile with -O0) * Copyright (C) 2017 Qualys, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software...
  11. Exploiter

    Exploit Linux Kernel - 'offset2lib' Stack Clash

    Linux Kernel - 'offset2lib' Stack Clash /* * Linux_offset2lib.c for CVE-2017-1000370 and CVE-2017-1000371 * Copyright (C) 2017 Qualys, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by *...
  12. Exploiter

    Exploit Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation

    Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation /* * Linux_ldso_hwcap.c for CVE-2017-1000366, CVE-2017-1000370 * Copyright (C) 2017 Qualys, Inc. * * my_important_hwcaps() adapted from elf/dl-hwcaps.c...
  13. Exploiter

    Exploit Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities

    Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities 1. *Advisory Information* Title: Kaspersky Anti-Virus File Server Multiple Vulnerabilities Advisory ID: CORE-2017-0003 Advisory URL...
  14. Exploiter

    Exploit Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation

    Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation /* * Solaris_rsh.c for CVE-2017-3630, CVE-2017-3629, CVE-2017-3631 * Copyright (C) 2017 Qualys, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General...
  15. Exploiter

    Exploit OpenBSD - 'at Stack Clash' Local Privilege Escalation

    OpenBSD - 'at Stack Clash' Local Privilege Escalation /* * OpenBSD_at.c for CVE-2017-1000373 * Copyright (c) 2017 Qualys, Inc. * slowsort() adapted from lib/libc/stdlib/qsort.c: * * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. * *...
  16. Exploiter

    Exploit Oracle Hyperion Planning 11.1.2.3 - XML External Entity

    Oracle Hyperion Planning 11.1.2.3 - XML External Entity - Exploit Title: XXE Injection Oracle Hyperion - Exploit Author: Lucas Dinucci ([email protected]) - Twitter: @identik1t - Vendor Homepage: https://www.oracle.com/applications/performance-management - Date: 02/11/2019 - Affected...
  17. Exploiter

    Exploit [Persian] Xpath Injection

    [Persian] Xpath Injection 42266.pdf
  18. Exploiter

    Exploit iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects

    iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects The class _NSDataFileBackedFuture can be deserialized even if secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the [NSData bytes] selector is called...
  19. Exploiter

    Exploit Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)

    Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include...
  20. Exploiter

    Exploit Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API

    Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2 In issue 1260 I discussed Microsoft's "apicall" instruction that can invoke a large number of internal emulator apis and is exposed to remote...
  21. Exploiter

    Exploit GLPI 0.90.4 - SQL Injection

    GLPI 0.90.4 - SQL Injection # Exploit Title: Multiple SQL injection vulnerabilities in GLPI 0.90.4 # Date: 2016/09/09 # Exploit Author: Eric CARTER (in/ericcarterengineer - CS c-s.fr) # Vendor Homepage: http://glpi-project.org # Software Link: http://glpi-project.org/spip.php?article3 #...
  22. Exploiter

    Exploit iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References

    iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References When deserializing a class with initWithCoder, subclasses of that class can also be deserialized so long as they do not override initWithCoder and implement all methods that require a concrete...
  23. Exploiter

    Exploit iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1

    iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1 There is a memory corruption vulnerability when decoding an object of class NSKnownKeysDictionary1. This class decodes an object of type NSKnownKeysMappingStrategy1, which decodes a length member which is supposed to represent...
  24. Exploiter

    Exploit LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow

    LAME 3.99.5 - 'III_dequantize_sample' Stack Buffer Overflow Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results on the...
  25. Exploiter

    Exploit macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances

    macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances When deserializing NSObjects with the NSArchiver API [1], one can supply a whitelist of classes that are allowed to be unarchived. In that case, any object in the archive whose class is...