Search results

  1. Exploiter

    Exploit macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded

    macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded While fuzzing JavaScriptCore, I encountered the following (modified and commented) JavaScript program which crashes jsc from current HEAD and release...
  2. Exploiter

    Exploit macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles

    macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles While fuzzing JSC, I encountered the following JS program which crashes JSC from current HEAD and release (/System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc): // Run with --useConcurrentJIT=false...
  3. Exploiter

    Exploit WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit)

    WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  4. Exploiter

    Exploit LAME 3.99.5 - 'II_step_one' Buffer Overflow

    LAME 3.99.5 - 'II_step_one' Buffer Overflow Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. Few notes before the details of this bug. Time ago a fuzz was done by Brian Carpenter and Jakub Wilk which posted the results on the debian bugtracker...
  5. Exploiter

    Exploit Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming

    Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming ## # Exploit Title: Unauthenticated Audio Streaming from Amcrest Camera # Shodan Dork: html:"@WebVersion@" # Date: 08/29/2019 # Exploit Author: Jacob Baines # Vendor Homepage: https://amcrest.com/ # Software Link...
  6. Exploiter

    Exploit Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)

    Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include...
  7. Exploiter

    Exploit Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)

    Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank =...
  8. Exploiter

    Exploit Netgear DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit)

    Netgear DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'net/http' require "base64" class MetasploitModule < Msf::Exploit::Remote Rank =...
  9. Exploiter

    Exploit How to Write Fully Undetectable Malware - English Translation

    How to Write Fully Undetectable Malware - English Translation 42250.pdf
  10. Exploiter

    Exploit Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)

    Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  11. Exploiter

    Exploit NTFS 3.1 - Master File Table Denial of Service

    NTFS 3.1 - Master File Table Denial of Service <!-- # Exploit Title: NTFS 3.1 Master File Table DoS Exploit # Date: 6\23\17 # Exploit Author: EagleWire # Version: Windows XP/7/8/8.1 # Tested on: Windows XP/7/8/8.1 1. Description: This exploits a vulnerability in Windows XP to Windows 8.1. The...
  12. Exploiter

    Exploit Adobe Flash - Image Decoding Out-of-Bounds Read

    Adobe Flash - Image Decoding Out-of-Bounds Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1215 The attached png file causes an out-of-bounds read when being decoded by flash. To reproduce the issue, put LoadImage.swf and read1.png on a server, and visit...
  13. Exploiter

    Exploit Adobe Flash - ATF Parser Heap Corruption

    Adobe Flash - ATF Parser Heap Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1216 The attached file causes heap corruption in the ATF parser. To reproduce the issue, copy atffree.atf and LoadImage.swf to a server, and visit...
  14. Exploiter

    Exploit Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated)

    Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated) # Exploit Title: Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated) # Date: 26-6-2019 # Exploit Author: Wietse Boonstra # Vendor Homepage: https://ahsay.com # Software Link...
  15. Exploiter

    Exploit Microsoft Edge - 'CssParser::RecordProperty' Type Confusion

    Microsoft Edge - 'CssParser::RecordProperty' Type Confusion <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1254 There is a type confusion vulnerability in Microsoft Edge. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit (OS version 1607, OS build...
  16. Exploiter

    Exploit Adobe Flash - AVC Edge Processing Out-of-Bounds Read

    Adobe Flash - AVC Edge Processing Out-of-Bounds Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1212 The attached file causes an out-of-bounds read in avc edge processing. Proof of Concept...
  17. Exploiter

    Exploit pdfresurrect 0.15 - Buffer Overflow

    pdfresurrect 0.15 - Buffer Overflow # Exploit Title: pdfresurrect 0.15 Buffer Overflow # Date: 2019-07-26 # Exploit Author: j0lama # Vendor Homepage: https://github.com/enferex/pdfresurrect # Software Link: https://github.com/enferex/pdfresurrect # Version: 0.15 # Tested on: Ubuntu 18.04 # CVE...
  18. Exploiter

    Exploit Microsoft Windows - 'nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation)' Kernel Stack Memory Disclosure

    Microsoft Windows - 'nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation)' Kernel Stack Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1214&desc=2 We have discovered that the nt!NtQueryInformationWorkerFactory system call called with the...
  19. Exploiter

    Exploit unrar 5.40 - 'VMSF_DELTA' Filter Arbitrary Memory Write

    unrar 5.40 - 'VMSF_DELTA' Filter Arbitrary Memory Write Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6 It appears that the VMSF_DELTA memory corruption that was reported to Sophos AV in 2012 (and fixed there) was actually inherited from upstream unrar. For...
  20. Exploiter

    Exploit Microsoft Windows - 'USP10!otlValueRecord::adjustPos' Uniscribe Font Processing Out-of-Bounds Memory Read

    Microsoft Windows - 'USP10!otlValueRecord::adjustPos' Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1204 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlValueRecord::adjustPos...
  21. Exploiter

    Exploit Microsoft Windows - 'USP10!otlReverseChainingLookup::apply' Uniscribe Font Processing Out-of-Bounds Memory Read

    Microsoft Windows - 'USP10!otlReverseChainingLookup::apply' Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1205 We have encountered a crash in the Windows Uniscribe user-mode library, in the...
  22. Exploiter

    Exploit Microsoft Windows - 'nt!NtQueryInformationResourceManager (information class 0)' Kernel Stack Memory Disclosure

    Microsoft Windows - 'nt!NtQueryInformationResourceManager (information class 0)' Kernel Stack Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1207 We have discovered that the nt!NtQueryInformationResourceManager system call called with the 0 information...
  23. Exploiter

    Exploit Microsoft Windows Kernel - 'ATMFD.DLL' Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table

    Microsoft Windows Kernel - 'ATMFD.DLL' Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1213 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file...
  24. Exploiter

    Exploit Microsoft Windows - 'USP10!CreateIndexTable' Uniscribe Font Processing Out-of-Bounds Memory Read

    Microsoft Windows - 'USP10!CreateIndexTable' Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1201 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!CreateIndexTable function, while trying...
  25. Exploiter

    Exploit Microsoft Windows - 'USP10!NextCharInLiga' Uniscribe Font Processing Out-of-Bounds Memory Read

    Microsoft Windows - 'USP10!NextCharInLiga' Uniscribe Font Processing Out-of-Bounds Memory Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1202 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!NextCharInLiga function, while trying to...