Search results

  1. Exploiter

    Exploit Crypttech CryptoLog - Remote Code Execution (Metasploit)

    Crypttech CryptoLog - Remote Code Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  2. Exploiter

    Exploit LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls

    LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1102 In both of the following functions mkvparser::AudioTrack::AudioTrack(mkvparser::Segment*, mkvparser::Track::Info const&, long long, long long)...
  3. Exploiter

    Exploit LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers

    LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1117 Failure to initialise pointers in mkvparser::Tracks constructor The constructor mkvparser::Tracks::Tracks() doesn't handle parsing failures...
  4. Exploiter

    Exploit Xen 64bit PV Guest - pagetable use-after-type-change Breakout

    Xen 64bit PV Guest - pagetable use-after-type-change Breakout Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1231 This is a bug in Xen that permits an attacker with control over the kernel of a 64bit X86 PV guest to write arbitrary entries into a live top-level pagetable...
  5. Exploiter

    Exploit Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remote Type Confusion

    Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remote Type Confusion Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5 MsMpEng is the Malware Protection service that is enabled by default on Windows 8, 8.1, 10...
  6. Exploiter

    Exploit I, Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting

    I, Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory < 20170509-0 > ======================================================================= title: Multiple...
  7. Exploiter

    Exploit Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free

    Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free # Reproduction Repros on 10.14.3 when run as root. It may need multiple tries to trigger. $ clang -o in6_selectsrc in6_selectsrc.cc $ while 1; do sudo ./in6_selectsrc; done res0: 3 res1: 0 res1.5: -1 //...
  8. Exploiter

    Exploit MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH)

    MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH) #!/usr/bin/python # Exploit Title : MediaCoder 0.8.48.5888 Local Buffer Overflow (SEH) # CVE : CVE-2017-8869 # Exploit Author : Muhann4d @0xSecured # Vendor Homepage : http://www.mediacoderhq.com # Vulnerable Software...
  9. Exploiter

    Exploit Gemalto SmartDiag Diagnosis Tool < 2.5 - Local Buffer Overflow (SEH)

    Gemalto SmartDiag Diagnosis Tool < 2.5 - Local Buffer Overflow (SEH) # Exploit Title: Gemalto SmartDiag Diagnosis Tool <= v2.5 - Buffer Overflow - SEH Overwrite # Date: 16-03-2017 # Software Link: http://support.gemalto.com/index.php?id=download_tools # Exploit Author: Majid Alqabandi #...
  10. Exploiter

    Exploit Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized

    Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized While fuzzing JavaScriptCore, I encountered the following (modified and commented) JavaScript program which crashes jsc from current HEAD and release: //...
  11. Exploiter

    Exploit Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register

    Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc from current HEAD (git commit 3c46422e45fef2de6ff13b66cd45705d63859555) in debug and...
  12. Exploiter

    Exploit Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl

    Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl /* # Reproduction Tested on macOS 10.14.3: $ clang -o stf_wild_read stf_wild_read.cc $ ./stf_wild_read # Explanation SIOCSIFADDR is an ioctl that sets the address of an interface. The stf interface ioctls are...
  13. Exploiter

    Exploit Apple Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free

    Apple Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free <!-- Sources: https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf https://github.com/phoenhex/files/blob/master/exploits/cachedcall-uaf.html Overview The WebKit bug we used at Pwn2Own is CVE-2017-2491 / ZDI-17-231, a use-after-free...
  14. Exploiter

    Exploit Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution

    Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution /* Exploit Title: Brocade Network Advisor - Unauthenticated Remote Code Execution Date: 2017-03-29 Exploit Author: Jakub Palaczynski Vendor...
  15. Exploiter

    Exploit Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free

    Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR operation could cause garbage collection (GC)...
  16. Exploiter

    Exploit MySQL < 5.6.35 / < 5.7.17 - Integer Overflow

    MySQL < 5.6.35 / < 5.7.17 - Integer Overflow ''' # Source: https://raw.githubusercontent.com/SECFORCE/CVE-2017-3599/master/cve-2017-3599_poc.py # Exploit Title: Remote MySQL DOS (Integer Overflow) # Google Dork: N/A # Date: 13th April 2017 # Exploit Author: Rodrigo Marcos # Vendor Homepage...
  17. Exploiter

    Exploit Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit)

    Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit Rank = ExcellentRanking include...
  18. Exploiter

    Exploit BluedIoT: When a mature and immature technology mixes, becomes an 'idiot' situation

    BluedIoT: When a mature and immature technology mixes, becomes an 'idiot' situation 41956.pdf
  19. Exploiter

    Exploit GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)

    GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  20. Exploiter

    Exploit IrfanView 4.44 - Denial of Service

    IrfanView 4.44 - Denial of Service # Exploit Title: Irfanview - OtherExtensions Input Overflow # Date: 29-04-2017 # Software Link: http://download.cnet.com/IrfanView/?part=dl-&subj=dl&tag=button # Exploit Author: Dreivan Orprecio #Version: Irfanview 4.44 #Irfanview is vulnerable to overflow in...
  21. Exploiter

    Exploit Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection

    Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection # Tuleap - Command Injection in Project Wiki **CVE:** CVE-2017-7981 **CVSSv3:** 9.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C) **Versions affected:** >= 8.3 and <= 9.6.99.86 ## Introduction Tuleap is a Libre suite...
  22. Exploiter

    Exploit Local File Disclosure using SQL Injection

    Local File Disclosure using SQL Injection 41938.pdf
  23. Exploiter

    Exploit Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption

    Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1118 There is a memory corruption vulnerability in Internet Explorer. The vulnerability was confirmed on Internet...
  24. Exploiter

    Exploit Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)

    Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  25. Exploiter

    Exploit Iperius Backup 6.1.0 - Privilege Escalation

    Iperius Backup 6.1.0 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo_ Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor Homepage: https://www.iperiusbackup.com/ Version: 6.1.0 Software Link...