exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 197 RSS Feed

Files

Adobe Flash Sprite Creation Use-After-Free
Posted Mar 22, 2016
Authored by Google Security Research, natashenka

There is a use-after-free in Sprite Creation. If a Sprite is created, and then the handler for the frameConstructed event triggers a remove object action, the Sprite is then used after it has been freed.

tags | exploit
systems | linux
advisories | CVE-2016-1000
SHA-256 | c39ed19e599f2e87429baaa1420ef1c22c03fa613b8ce27ef51b01a165eed4b8
Adobe Flash AsBroadcaster.broadcastMessage Uninitialized Stack Parameter Access
Posted Mar 22, 2016
Authored by Google Security Research, natashenka

The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin APSB15-32 can sometimes access a parameter on the native stack that is uninitialized.

tags | exploit
systems | linux
advisories | CVE-2016-0999
SHA-256 | 982e087bae1ff3d75902f159298bed43a1c32bb041ce513c46a96da67786a262
Adobe Flash Object.unwatch Uninitialized Stack Parameter Access
Posted Mar 22, 2016
Authored by Google Security Research, natashenka

The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin APSB15-32 can sometimes access a parameter on the native stack that is uninitialized.

tags | exploit
systems | linux
advisories | CVE-2016-0998
SHA-256 | fca666e43ec07be074a4810a7671db92ce36a0d756afde739005726379118d6f
Adobe Flash MovieClip.swapDepth Uninitialized Stack Parameter Access
Posted Mar 22, 2016
Authored by Google Security Research, natashenka

The ActionScript parameter conversion in the fix for Google Security Research issue 403 can sometimes access a parameter on the native stack that is uninitialized.

tags | exploit
systems | linux
advisories | CVE-2016-0997
SHA-256 | ccc716718377c7f69a2d68eb3c1540336084d2a28e046619c48fea014951002e
OS X Kernel AppleKeyStore Use-After-Free
Posted Mar 22, 2016
Authored by Google Security Research, Ian Beer

The AppleKeyStore userclient uses an IOCommandGate to serialize access to its userclient methods, however by racing two threads, one of which closes the userclient (which frees the IOCommandGate) and one of which tries to make an external method call we can cause a use-after-free of the IOCommandGate.

tags | exploit
systems | linux
advisories | CVE-2016-1755
SHA-256 | 1db8ce601471ad3e19f7c84c23572709a3952990a28f5b5d130277dfb0f639dc
OS X Kernel Nvidia Driver Unchecked Array Index
Posted Mar 22, 2016
Authored by Google Security Research, Ian Beer

Mac OS X kernel has an issue where an unchecked array index can be used to read an object pointer then call a virtual method in the Nvidia GEForce driver.

tags | exploit, kernel
systems | linux, apple, osx
advisories | CVE-2016-1741
SHA-256 | 8f940c5ed303d010b19d9f30337e7546f4aff5203b1fbca11bcbe729635d754b
OS X Kernel Use-After-Free / Double Delete
Posted Mar 22, 2016
Authored by Google Security Research, Ian Beer

The Mac OS X kernel suffers from use-after-free and double delete issues due to incorrect locking in the Intel GPU driver.

tags | exploit, kernel
systems | linux, apple, osx
advisories | CVE-2016-1744
SHA-256 | ca15dbb2b908cc1bd1b9e630c704f934d111095bea1cb1c8e14eacb07227a2e0
Adobe Flash setInterval Use-After-Free
Posted Mar 22, 2016
Authored by Google Security Research, natashenka

There is a use-after-free in setInterval. If the interval length is an object with valueOf defined, this method gets executed, and can delete the object the interval is being set on.

tags | exploit
systems | linux
advisories | CVE-2016-0988
SHA-256 | cc2adc9a2940710a875fafa69fdae84c7e355762d1060554d76af5275b287193
Adobe Flash Sound.setTransform Use-After-Free
Posted Mar 22, 2016
Authored by Google Security Research, natashenka

There is a use-after-free in Sound.setTransform similar to the one described in CVE-2015-8434. If the transform object provided is an integer primitive, and the Number constructor is overwritten, this constructor will be executed and can free the internal sound transform, which is then written to.

tags | exploit
systems | linux
advisories | CVE-2015-8434, CVE-2016-0987
SHA-256 | 9cf5ceec9d1b8789d8ae0b14a3c45b7fe4d93c657668793da9239af45b02f16d
OS X / iOS Suid Binary Logic Error Code Execution
Posted Mar 22, 2016
Authored by Google Security Research, Ian Beer

The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vm_map into the old task object leaving a short race window where we can manipulate the memory of the euid(0) process before the old task port is destroyed.

tags | exploit
systems | linux
advisories | CVE-2016-1757
SHA-256 | 6be58b3f0fc092cb166e20a9e2e0ef99de307b957f1541a6ea0dd7a8f7ca8531
Adobe Flash Shape Rendering Crash
Posted Mar 22, 2016
Authored by Google Security Research, natashenka

An included fuzzing case demonstrates a crash in Adobe Flash shape rendering.

tags | exploit
systems | linux
advisories | CVE-2016-1002
SHA-256 | efc9af51bcd69cfee5ecf9979add44fc4891f75646247fc53ec96acdedf5bccb
Securimage 3.6.2 Cross Site Scripting
Posted Mar 22, 2016
Site redteam-pentesting.de

Securimage version 3.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cef5c2470c562793c29df7022f016d538fa8aecde6d8f3749e5047f3dfdb89ee
WordPress HB Audio Gallery Lite 1.0.0 Arbitrary File Download
Posted Mar 22, 2016
Authored by CrashBandicot

WordPress HB Audio Gallery Lite plugin version 1.0.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | 56a6cc400f6bf87cdcab4b117e69833f99576b61f0f4dfc5d6693a04f1f226ed
Adobe Flash Wild Write Crash
Posted Mar 22, 2016
Authored by Chris Evans, Google Security Research

Adobe Flash suffers from a wild write at 0x453b0cf0 in color conversion that causes a crash.

tags | exploit
systems | linux
advisories | CVE-2015-5575
SHA-256 | 051621ef0094ab8b55b05d6b364d50f6b9948eb005475d56a5738771d2f6685f
Adobe Flash Content Information Leak
Posted Mar 22, 2016
Authored by Chris Evans, Google Security Research

Adobe Flash suffers from an information leak that may render non-deterministic content that apparently contains pointers.

tags | exploit
systems | linux
advisories | CVE-2015-5576
SHA-256 | 41c6dbb42e26cd157241d1aeb71129cad02abd56098cd0be0d24a4218914f04d
Adobe Flash AAC Audio Handling Out-Of-Bounds Read
Posted Mar 22, 2016
Authored by Chris Evans, Google Security Research

Adobe Flash suffers from an out-of-bounds read in AAC audio handling.

tags | exploit
systems | linux
advisories | CVE-2015-5577
SHA-256 | 4bcaa997a98d2899f0ece2d75dffe49e567d8dc983b849e3e2064ea6b326e3c7
Adobe Flash Negative Table Indexing Out-Of-Bounds Crash
Posted Mar 22, 2016
Authored by Chris Evans, Google Security Research

Adobe Flash suffers from an out-of-bounds crash due to a negative table indexing error loading an 8-byte wide value.

tags | exploit
systems | linux
advisories | CVE-2015-5578
SHA-256 | b3ad0dc02ed41ab14eba6c462db84fb45a39c098eb29704bf6b8223a07f586b3
Adobe Flash Corrupt Stack Crash
Posted Mar 22, 2016
Authored by Chris Evans, Google Security Research

Adobe Flash has an issue where a corrupt stack leads to misaligned XMM instruction decoding h.264.

tags | exploit
systems | linux
advisories | CVE-2015-5579
SHA-256 | 086db050537a7703e18f330b90eadb38bd185e96a3d67e197511bc2195eeb98f
Adobe Flash Wild Pointer Crash
Posted Mar 22, 2016
Authored by Chris Evans, Google Security Research

Adobe Flash suffers from a crash due to a wild pointer 0x1808121a502959a4 decoding h.264.

tags | exploit
systems | linux
advisories | CVE-2015-5580
SHA-256 | 74a5f32e448690af1d7c9d399017241a40f3bdb279dde7a3861f9ea7c03354ce
Achievo 1.4.5 Cross Site Scripting
Posted Mar 22, 2016
Authored by SECUPENT

Achievo version 1.4.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2bb51e2f4e2f8702ae0035b8966a60f8a3ecf72ef374d448dab6e86e0d05ee6d
AbsoluteTelnet 10.14 DLL Hijacking
Posted Mar 21, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

AbsoluteTelnet version 10.14 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 2129cfd8f7159c9f48e17173b9fc9fa7e5f92f84ba90cf738827dec0c074e314
D-Link DWR-932 Authentication Bypass / Password Disclosure
Posted Mar 21, 2016
Authored by Saeed reza Zamanian

D-Link DWR-932 with firmware versions 4.00 and below suffer from authentication bypass and password disclosure vulnerabilities.

tags | exploit, vulnerability, bypass
SHA-256 | f86505f0c1e4921225059a0b8cf6188a72de7d3c8ab3ee65fa7c5bc636a0fd1b
WordPress eBook Download 1.1 Directory Traversal
Posted Mar 21, 2016
Authored by Wadeek

WordPress eBook Download plugin version 1.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 318fb4f76e3092c8ff33ac73fd09fc95ac7ed8b8879301abfb411e910e2b8bba
WordPress Import CSV 1.1 Directory Traversal
Posted Mar 21, 2016
Authored by Wadeek

WordPress Import CSV plugin version 1.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 707a5fc82a6731639583d67130bd989dfed85f9b4b0f10af7dcc9e0f8b036b3c
DORG Cross Site Scripting / SQL Injection
Posted Mar 21, 2016
Authored by SECUPENT

DORG Disc Organization System suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | b7f23955a8300938467a5000dab30ca14634b797f3fb1d7e029e85191454903c
Page 4 of 8
Back23456Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close