Twenty Year Anniversary
Showing 1 - 25 of 122 RSS Feed

Files from lokihardt

First Active2017-02-24
Last Active2018-07-13
macOS / iOS OfficeImporter JavaScript Injection
Posted Jul 13, 2018
Authored by Google Security Research, lokihardt

macOS and iOS suffer from a javascript injection bug in OfficeImporter.

tags | exploit, javascript
systems | cisco, ios
MD5 | 8a77e3c5cc05866fe394bdbf6a928d1b
Microsoft Edge Chakra JIT SetConcatStrMultiItemBE Type Confusion
Posted Jul 12, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with hoisted SetConcatStrMultiItemBE instructions.

tags | exploit
advisories | CVE-2018-8229
MD5 | 9b384b361e8b141c4703603f10a6db28
Microsoft Edge Chakra JIT BoundFunction::NewInstance Bug
Posted Jul 12, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a bug. BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments and others into the new argument array and calls the actual function. The problem is, it doesn't care about the CallFlags_NewTarget flag which indicates that there's an extra argument (new.target) at the end of the argument array. So the size of the new argument array created with the CallFlags_NewTarget flag will be always 1 less then required, this leads to an out-of-bounds read.

tags | exploit
advisories | CVE-2018-8139
MD5 | 2e11fd2e309888dfb033653d982fdc23
Microsoft Edge Chakra JIT Out-Of-Bounds Reads/Writes
Posted Jul 12, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from multiple out of bounds reads and writes.

tags | exploit
advisories | CVE-2018-8145
MD5 | b73c99e652b5ab40ccfdf43c9715573b
Chrome V8 KeyAccumulator Bug
Posted Jul 12, 2018
Authored by Google Security Research, lokihardt

Chrome V8 suffers from a bug in KeyAccumulator that can cause a crash.

tags | exploit
MD5 | 9fee601d9a1d2470bc41cfa501ef0dbc
Chrome V8 PromiseAllResolveElementClosure Element Confusion
Posted Jun 7, 2018
Authored by Google Security Research, lokihardt

Chrome V8 has an element confusion issue with PromiseAllResolveElementClosure.

tags | exploit
MD5 | e846e2172648f118d3f2ff6689c37c64
Microsoft Edge Chakra EntrySimpleObjectSlotGetter Type Confusion
Posted May 31, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an issue where EntrySimpleObjectSlotGetter can have side effects that cause a type confusion vulnerability.

tags | exploit
advisories | CVE-2018-8133
MD5 | ae691da69a6f584e9d6f3d6f325cc89e
Microsoft Edge Chakra Cross Context Bug Use-After-Free
Posted May 24, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a cross context use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-0946
MD5 | f4c7a5b8adf1e791a28c344b2404f815
Microsoft Edge Chakra JIT Magic Value Type Confusion
Posted May 24, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from an issue where a magic value can cause a type confusion vulnerability.

tags | advisory
advisories | CVE-2018-0953
MD5 | 4a021dfd3c28a0b21d17bfd6d8b4c5bf
Microsoft Edge Chakra JIT Bounce Check Elimination Bug
Posted May 18, 2018
Authored by Google Security Research, lokihardt

Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instead of the control flow. This may lead to incorrectly remove the bound checks.

tags | exploit
advisories | CVE-2018-0980
MD5 | 09442d487262053ca44c67ade9eacecb
Chrome V8 ObjectDescriptor Class Bug
Posted May 4, 2018
Authored by Google Security Research, lokihardt

Chrome V8 has a bug in the ObjectDescriptor class.

tags | advisory
MD5 | eb7d7ce8d537b4c677c0f9783ad86bd4
Google Chrome V8 AwaitedPromise Update Bug
Posted Apr 26, 2018
Authored by Google Security Research, lokihardt

Google Chrome V8 Await methods call ResolveNativePromise which calls InternalResolvePromise which can invoke a user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately overwritten after the call to Await, this may lead the generator to an incorrect state.

tags | exploit, javascript
advisories | CVE-2018-6106
MD5 | eb56f2216b0ca1318d166d23fcad7b4c
Google Chrome V8 Arrow Function Scope Fixing Bug
Posted Apr 26, 2018
Authored by Google Security Research, lokihardt

Google Chrome V8 suffers from an arrow function scope fixing bug.

tags | exploit
MD5 | 4d52efa2602d737aaf7180cc2543c06c
Chrome V8 JIT NodeProperties::InferReceiverMaps Type Confusion
Posted Apr 21, 2018
Authored by Google Security Research, lokihardt

Chrome V8 JIT suffers from a NodeProperties::InferReceiverMaps type confusion vulnerability.

tags | exploit
MD5 | d8ca369d4de256bff5cc0437ef5167b1
Chrome V8 JIT LoadElimination::ReduceTransitionElementsKind Bug
Posted Apr 11, 2018
Authored by Google Security Research, lokihardt

Chrome V8 JIT has a bug in LoadElimination::ReduceTransitionElementsKind.

tags | exploit
MD5 | 29850b01c4442ac8e9f2a4fed323efe8
Microsoft Edge Charka JIT Incomplete Fix For Issue 1420 #2
Posted Apr 3, 2018
Authored by Google Security Research, lokihardt

A security fix applied for Microsoft Edge Chakra JIT is incomplete.

tags | exploit
advisories | CVE-2018-0934
MD5 | 6099c93a3f08c4e81ed7de84882cba0a
Microsoft Edge Charka JIT Incomplete Fix For Issue 1420
Posted Apr 3, 2018
Authored by Google Security Research, lokihardt

A security fix applied for Microsoft Edge Chakra JIT is incomplete.

tags | exploit
advisories | CVE-2018-0933
MD5 | dc6e350de68f5b22d4f1cdba5404821b
Chrome V8 Genesis::InitializeGlobal Bugs
Posted Apr 3, 2018
Authored by Google Security Research, lokihardt

Chrome V8 has multiple bugs in Genesis::InitializeGlobal.

tags | exploit
MD5 | 0b5c156e751faddf1932eeb73dcaf083
Chrome V8 ElementsAccessorBase::CollectValuesOrEntriesImpl Type Confusion
Posted Apr 3, 2018
Authored by Google Security Research, lokihardt

Chrome V8 suffers from a type confusion vulnerability in ElementsAccessorBase::CollectValuesOrEntriesImpl.

tags | exploit
advisories | CVE-2018-6064
MD5 | e92050fc25960e3ebedf1862a29f2346
Chrome V8 JIT GetSpecializationContext Type Confusion
Posted Mar 5, 2018
Authored by Google Security Research, lokihardt

Chrome V8 JIT suffers from a type confusion vulnerability in GetSpecializationContext.

tags | exploit
MD5 | c1e3d25702ab92ccc6b9e4fa26a23ca8
Chrome V8 JIT JSBuiltinReducer::ReduceObjectCreate NULL Check Fail
Posted Mar 5, 2018
Authored by Google Security Research, lokihardt

Chrome V8 JIT JSBuiltinReducer::ReduceObjectCreate fails to ensure that the prototype is "null".

tags | exploit
MD5 | 96db4756a94460953b8651efe3b9243c
Chrome V8 Out-Of-Bounds Read
Posted Mar 5, 2018
Authored by Google Security Research, lokihardt

Chrome V8 has an empty BytecodeJumpTable that may lead to an out-of-bounds read.

tags | exploit
MD5 | 3ec3eecf67ab73ca7415c975c50dffbb
Chrome V8 JIT Optmization Bug
Posted Mar 5, 2018
Authored by Google Security Research, lokihardt

Chrome V8 JIT suffers from a simplified-lowererer IrOpcode::kStoreField, IrOpcode::kStoreElement optimization bug.

tags | exploit
MD5 | cf482c8ffa69e71cd5fd8a7fedeea173
Chrome V8 PropertyArray Integer Overflow
Posted Feb 26, 2018
Authored by Google Security Research, lokihardt

Chrome V8 suffers from an integer overflow vulnerability with PropertyArray.

tags | exploit, overflow
MD5 | a744b96818e7fa9056019e277794d0ce
Chrome V8 TranslatedState::MaterializeCapturedObjectAt Caching Bug
Posted Feb 26, 2018
Authored by Google Security Research, lokihardt

Chrome V8 suffers from a TranslatedState::MaterializeCapturedObjectAt caching bug.

tags | exploit
MD5 | 674af9848d79bb89d0a7a0de3e4d7028
Page 1 of 5
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close