Search results

  1. Exploiter

    Exploit Stealing Windows Credentials Using Google Chrome

    Stealing Windows Credentials Using Google Chrome 42015.pdf
  2. Exploiter

    Exploit Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation

    Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation While fuzzing Spidermonkey, I encountered the following (commented and modified) JavaScript program which crashes debug builds of the latest release version of Spidermonkey (from commit...
  3. Exploiter

    Exploit Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities

    Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities # Exploit Title: [Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x Multiple Vulnerabilities] # Date: [12/01/2017] # Exploit Author: [SlidingWindow] , Twitter: @Kapil_Khot # Vendor...
  4. Exploiter

    Exploit Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL

    Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm (and possibly others): When kgsl_mem_entry_destroy() in drivers/gpu/msm/kgsl.c is called for a...
  5. Exploiter

    Exploit LabF nfsAxe 3.7 FTP Client - Remote Buffer Overflow (SEH)

    LabF nfsAxe 3.7 FTP Client - Remote Buffer Overflow (SEH) #!/usr/bin/python print "LabF nfsAxe 3.7 FTP Client Buffer Overflow (SEH)" print "Author: Tulpa / tulpa[at]tulpa-security[dot]com" #Author website: www.tulpa-security.com #Author twitter: @tulpa_security #Tested on Windows Vista...
  6. Exploiter

    Exploit Sophos Web Appliance 4.3.1.1 - Session Fixation

    Sophos Web Appliance 4.3.1.1 - Session Fixation # Exploit Title: [Sophos Secure Web Appliance Session Fixation Vulnerability] # Date: [28/02/2017] # Exploit Author: [SlidingWindow] , Twitter: @Kapil_Khot # Vendor Homepage: [https://www.sophos.com/en-us/products/secure-web-gateway.aspx] #...
  7. Exploiter

    Exploit Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script

    Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script IonMonkey can, during a bailout, leak an internal JS_OPTIMIZED_OUT magic value to the running script. This magic value can then be used to achieve memory corruption. # Prerequisites ## Magic Values Spidermonkey represents...
  8. Exploiter

    Exploit Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure

    Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1182 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows...
  9. Exploiter

    Exploit Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys

    Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1127 We have identified two related bugs in Windows kernel code responsible for implementing the bind() socket...
  10. Exploiter

    Exploit Quest Privilege Manager - pmmasterd Buffer Overflow (Metasploit)

    Quest Privilege Manager - pmmasterd Buffer Overflow (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include...
  11. Exploiter

    Exploit Admidio 3.2.8 - Cross-Site Request Forgery

    Admidio 3.2.8 - Cross-Site Request Forgery # Exploit Title :Admidio 3.2.8 (CSRF to Delete Users) # Date: 28/April/2017 # Exploit Author: Faiz Ahmed Zaidi Organization: Provensec LLC Website: http://provensec.com/ # Vendor Homepage: https://www.admidio.org/ # Software Link...
  12. Exploiter

    Exploit Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token

    Microsoft Windows 7 Kernel - Uninitialized Memory in the Default dacl Descriptor of System Processes Token /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1145 We have observed (on Windows 7 32-bit) that for unclear reasons, the kernel-mode structure containing the...
  13. Exploiter

    Exploit Microsoft Windows 10 Kernel - 'nt!NtTraceControl (EtwpSetProviderTraits)' Pool Memory Disclosure

    Microsoft Windows 10 Kernel - 'nt!NtTraceControl (EtwpSetProviderTraits)' Pool Memory Disclosure /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1161 We have discovered that the handler of the nt!NtTraceControl system call (specifically the EtwpSetProviderTraitsUm...
  14. Exploiter

    Exploit Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH)

    Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH) #!/usr/bin/python # Exploit Title : Halliburton LogView Pro 10.0.1 - Local Buffer Overflow (SEH) # Date : 2017-05-14 # Exploit Author : Muhann4d # CVE : CVE-2017-8926 # Vendor Homepage ...
  15. Exploiter

    Exploit Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH)

    Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH) #!/usr/bin/python # Exploit Title : Larson VizEx Reader 9.7.5 - Local Buffer Overflow (SEH) # Date : 14/05/2017 # Exploit Author : Muhann4d # CVE : CVE-2017-8927 # Vendor Homepage : http://www.cgmlarson.com/ #...
  16. Exploiter

    Exploit PlaySMS 1.4 - '/sendfromfile.php' Remote Code Execution / Unrestricted File Upload

    PlaySMS 1.4 - '/sendfromfile.php' Remote Code Execution / Unrestricted File Upload # Exploit Title: PlaySMS 1.4 Code Execution using $filename and Unrestricted File Upload in sendfromfile.php # Date: 14-05-2017 # Software Link: https://playsms.org/download/ # Version: 1.4 # Exploit Author...
  17. Exploiter

    Exploit Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)

    Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote...
  18. Exploiter

    Exploit OpenVPN 2.4.0 - Denial of Service

    OpenVPN 2.4.0 - Denial of Service #!/usr/bin/env python3 ''' $ ./dos_server.py & $ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf ... Fri Feb 24 10:19:19 2017 192.168.149.1:64249 TLS: Initial packet from [AF_INET]192.168.149.1:64249, sid=9a6c48a6 1467f5e1 Fri Feb 24 10:19:19...
  19. Exploiter

    Exploit Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation

    Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation // A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on 4.8.0-41-generic Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308 //...
  20. Exploiter

    Exploit SAP SAPCAR 721.510 - Heap Buffer Overflow

    SAP SAPCAR 721.510 - Heap Buffer Overflow ''' Source: https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability 1. Advisory Information Title: SAP SAPCAR Heap Based Buffer Overflow Vulnerability Advisory ID: CORE-2017-0001 Advisory URL...
  21. Exploiter

    Exploit Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)

    Apple Mac OS X - Feedback Assistant Race Condition (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include...
  22. Exploiter

    Exploit Microsoft IIS - WebDav 'ScStoragePathFromUrl' Remote Overflow (Metasploit)

    Microsoft IIS - WebDav 'ScStoragePathFromUrl' Remote Overflow (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking include...
  23. Exploiter

    Exploit LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflow

    LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1124 There are multiple paths in mkvparser::Block::Block(...) that result in heap buffer overflows. See attached for sample files that trigger the overflow...
  24. Exploiter

    Exploit Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation

    Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation Windows: CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration EoP Platform: Windows 10 1809 (not tested earlier) Class: Elevation of Privilege Security Boundary (per Windows Security...
  25. Exploiter

    Exploit Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free

    Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free Visual Voicemail (VVM) is a feature of mobile devices that allows voicemail to be read in an email-like format. Carriers set up a Visual Voicemail server that supports IMAP, and the device queries this server for new email...