exploit the possibilities
Showing 1 - 9 of 9 RSS Feed

Files from markbrand

First Active2015-08-21
Last Active2016-12-02
Android IOMXNodeInstance::enableNativeBuffers Unchecked Index
Posted Dec 2, 2016
Authored by Google Security Research, markbrand

The code in IOMXNodeInstance.cpp that handles enableNativeBuffers uses port_index without validation, leading to writing the dword value 0 or 1 at an attacker controlled offset from the IOMXNodeInstance structure.

tags | exploit
advisories | CVE-2016-6706
MD5 | 3ede6fe787ef13e46140b9f0f16c742b
Android Binder Information Disclosure
Posted Oct 12, 2016
Authored by Google Security Research, markbrand

The interaction between the kernel /dev/binder and the usermode Parcel.cpp mean that when a binder object is passed as BINDER_TYPE_BINDER or BINDER_TYPE_WEAK_BINDER, a pointer to that object (in the server process) is leaked to the client process as the cookie value. This leads to a leak of a heap address in many of the privileged binder services, including system_server.

tags | exploit, kernel
advisories | CVE-2016-6689
MD5 | e83bfb2b1a84bc813acd3debc2921da3
Android /system/bin/sdcard Stack Buffer Overflow
Posted Jun 9, 2016
Authored by Google Security Research, markbrand

There's an integer overflow issue in get_node_path_locked in /system/bin/sdcard on Android, which results in a buffer overflow.

tags | exploit, overflow
systems | linux
advisories | CVE-2016-2494
MD5 | 1bdd88725bdd46fe78efd604f1fac79e
Adobe Flash PCRE Regex Complication Logic Issue
Posted Mar 28, 2016
Authored by Google Security Research, markbrand

There's a logic error in the PCRE engine version used in Adobe Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-0318
MD5 | 43c83074e81ccb772958541a0b26c2f2
OS X Coreaudiod Calls Uninitialized Function Pointer
Posted Jan 27, 2016
Authored by Google Security Research, markbrand

com.apple.audio.coreaudiod is reachable from various sandboxes including the Safari renderer. coreaudiod is sandboxed and runs as its own user, nevertheless it has access to various other interesting attack surfaces which safari doesn't, allowing this bug to potentially form part of a full sandbox escape chain.

tags | exploit
systems | linux, apple
advisories | CVE-2015-7003
MD5 | 4ffc522752463f021b7dfadcba1ecdf9
Google Chrome Integer Overflow
Posted Nov 20, 2015
Authored by Google Security Research, markbrand

There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff windowThere's an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff window.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-6763
MD5 | f75118dcf00c75596a76a4999fdddd37
Samsung WifiHs20UtilityService Path Traversal
Posted Oct 27, 2015
Authored by Google Security Research, markbrand

A path traversal vulnerability was found in the WifiHs20UtilityService. This service is running on a Samsung S6 Edge device, and may be present on other Samsung device models. WifiHs20UtilityService reads any files placed in /sdcard/Download/cred.zip, and unzips this file into /data/bundle. Directory traversal in the path of the zipped contents allows an attacker to write a controlled file to an arbitrary path as the system user.

tags | exploit, arbitrary
systems | linux
advisories | CVE-2015-7888
MD5 | c3c06ce6ad0f16ab90edf812be408f97
Chrome Heap Overflow In Linux HID Device Handler
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

A heap overflow exists due to a 64-32 integer truncation issue in device/hid/hid_connection_linux.cc.

tags | exploit, overflow
systems | linux
MD5 | 5cb31df0587d4482ccbadd192acab163
Flash PCRE Regex Compilation Zero-length Assertion Arbitrary Bytecode Execution
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

There is an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-3042
MD5 | 263b173055757ddeee5316dc851ce253
Page 1 of 1
Back1Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    15 Files
  • 4
    Apr 4th
    5 Files
  • 5
    Apr 5th
    5 Files
  • 6
    Apr 6th
    27 Files
  • 7
    Apr 7th
    31 Files
  • 8
    Apr 8th
    18 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close