Showing 1 - 25 of 1,587

Files from Google Security Research

First Active: 2000-02-18
Last Active: 2021-05-10
AWS CloudShell Terminal Escape Injection / Remote Code Execution
Posted May 10, 2021
Authored by Google Security Research, Felix Wilhelm

The JavaScript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker-controlled data is displayed in a CloudShell instance.

tags | exploit, remote, javascript, code execution
MD5 | a07ebf4a753f14e46c966e23a4c3cf0b
Android Memory Disclosure / Out-Of-Bounds Write / Double-Free
Posted May 7, 2021
Authored by Google Security Research, nedwill

Android suffers from memory disclosure, out-of-bounds write, and double-free vulnerabilities in NFC's Felica tag handling.

tags | exploit, vulnerability
advisories | CVE-2021-0473
MD5 | 8d8d54d0917860623f3f6575fafe62b0
Android NFC Stack Out-Of-Bounds Write
Posted Apr 28, 2021
Authored by Google Security Research, nedwill

Android suffers from an out-of-bounds write in the NFC stack when handling MIFARE Classic TLVs.

tags | exploit
advisories | CVE-2021-0430
MD5 | 1876be15a92df0d791bf35ae3be87ae4
xscreensaver Raw Socket Leak
Posted Apr 19, 2021
Authored by Tavis Ormandy, Google Security Research

xscreensaver suffers from a raw socket leak vulnerability. Proof of concept exploit demonstrates running tcpdump via this issue.

tags | exploit, proof of concept
MD5 | 48106b83c9aba927ebf03a5ccbadc196
Microsoft Windows SCM Remote Access Check Limit Bypass Privilege Escalation
Posted Apr 14, 2021
Authored by James Forshaw, Google Security Research

The access limit check for non-local admins accessing the SCM remotely can be bypassed by requesting MAXIMUM_ALLOWED, which leads to gaining access to start services, etc.

tags | exploit, local
advisories | CVE-2021-27086
MD5 | 281e52fe6059770b5acb2e965164e4a3
iOS / macOS Radio Proximity Kernel Memory Corruption
Posted Apr 7, 2021
Authored by Google Security Research, ianbeer

A radio proximity kernel memory corruption vulnerability exists in iOS and macOS due to a bad state machine in BSS steering.

tags | exploit, kernel
systems | ios
advisories | CVE-2020-3843, CVE-2020-9906
MD5 | 5ff730e5556e80e223e58b23eca60fa1
Adobe Reader CoolType Arbitrary Stack Manipulation
Posted Mar 18, 2021
Authored by Google Security Research, mjurczyk

Adobe Reader suffers from a CoolType arbitrary stack manipulation vulnerability.

tags | exploit, arbitrary
advisories | CVE-2021-21086
MD5 | 07bd21c6148b74a3ebd51754bc5c4290
macOS CoreGraphics Integer Overflow / Out-Of-Bounds Write
Posted Mar 15, 2021
Authored by Ivan Fratric, Google Security Research

CoreGraphics can be made to write out-of-bounds memory when rendering a specially crafted font. This vulnerability can also be triggered through Safari. The vulnerability was confirmed on macOS Big Sur version 11.1.

tags | exploit
advisories | CVE-2021-1776
MD5 | e9e23aad1bac7d9d3a5382c82a4cc581
Microsoft Windows Kernel NtGdiGetDeviceCapsAll Race Condition / Use-After-Free
Posted Mar 12, 2021
Authored by Google Security Research, mjurczyk

Microsoft Windows kernel suffers from a use-after-free of the PDEVOBJ object via a race condition vulnerability in NtGdiGetDeviceCapsAll.

tags | exploit, kernel
systems | windows
advisories | CVE-2021-26863
MD5 | 31454c2dcf01b0dc4bbe498526c27f84
F5 Big IP ASM is_hdr_criteria_matches Buffer Overflow
Posted Mar 11, 2021
Authored by Google Security Research, Felix Wilhelm

The bd daemon, which runs as part of the F5 BIG-IP Application Security Manager (ASM), is vulnerable to a stack-based buffer overflow when processing overlong HTTP response headers in the is_hdr_criteria_matches function.

tags | exploit, web, overflow
advisories | CVE-2021-22992
MD5 | fb4bb5a73422ead38863ca80421b7215
F5 Big IP TMM uri_normalize_host Information Disclosure / Out-Of-Bounds Write
Posted Mar 11, 2021
Authored by Google Security Research, Felix Wilhelm

URI normalization in the BIG-IP Traffic Management Microkernel (TMM) incorrectly handles invalid IPv6 hostnames, allowing for information disclosure and an out-of-bounds write condition.

tags | exploit, info disclosure
advisories | CVE-2021-22991
MD5 | 7bbc96ec1d50a3a238d0764ad16101ea
Microsoft Windows Containers Host Registry Privilege Escalation
Posted Mar 10, 2021
Authored by James Forshaw, Google Security Research

The Microsoft Windows Containers Host Registry Virtual Registry Provider does not correctly handle relative opens. As a result, a process in a server silo can access the host registry, leading to elevation of privilege.

tags | exploit, registry
systems | windows
advisories | CVE-2021-26864
MD5 | 6305bd287c8bfb28100d961cbddfdabb
Microsoft Windows Containers Privilege Escalation
Posted Mar 10, 2021
Authored by James Forshaw, Google Security Research

The standard user ContainerUser in a Windows Container has elevated privileges and High integrity level, which makes it administrator-equivalent even though it should be a restricted user.

tags | exploit
systems | windows
advisories | CVE-2021-26891
MD5 | 70e9e9e164d2ee60daaa05a5afd67fe4
Microsoft Windows Containers AppSilo Object Manager Privilege Escalation
Posted Mar 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has an issue with containers where the kernel chooses the wrong silo when looking up the root object manager directory, leading to elevation of privilege.

tags | exploit, kernel, root
systems | windows
advisories | CVE-2021-26865
MD5 | d249fdb9dab1efdef449b7c32504cdc9
Microsoft Windows WindowsCodecsRaw!COlympusE300LoadRaw Out-Of-Bounds Write
Posted Mar 9, 2021
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds write vulnerability in WindowsCodecsRaw.dll in the COlympusE300LoadRaw::olympus_e300_load_raw function that can be triggered by parsing a crafted Olympus E300 raw image with Windows Imaging Component (WIC). The vulnerability has been reproduced on Windows 10 64-bit with the most recent patches applied.

tags | exploit
systems | windows
advisories | CVE-2021-24091
MD5 | 815147d984fdba3d24de7e30eaacb8fb
Package Control Arbitrary File Write
Posted Feb 26, 2021
Authored by Google Security Research, Felix Wilhelm

Package Control suffers from an arbitrary file write vulnerability.

tags | exploit, arbitrary
MD5 | fc1001c8bbe8a7cae533f770aa149604
Microsoft DirectWrite fsg_ExecuteGlyph Buffer Overflow
Posted Feb 26, 2021
Authored by Google Security Research, mjurczyk

Microsoft DirectWrite suffers from a heap-based buffer overflow vulnerability in fsg_ExecuteGlyph while processing variable TTF fonts.

tags | exploit, overflow
advisories | CVE-2021-24093
MD5 | 2de67da6a3c68e4e7554e5dc2ee4743e
Chrome DataElement Out-Of-Bounds Read
Posted Feb 26, 2021
Authored by Google Security Research, Mark Brand

Chrome suffers from an out-of-bounds read vulnerability in network DataElement struct traits.

tags | exploit
advisories | CVE-2020-16041
MD5 | 73c96566e94e07ed3318c4a92b7a01b4
Microsoft Windows Server Silo Registry Key Symbolic Link Privilege Escalation
Posted Feb 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has a privilege escalation vulnerability. When a process is running in a server silo, the checks for trusted hive registry key symbolic links are disabled, leading to elevation of privilege.

tags | exploit, registry
systems | windows
advisories | CVE-2021-24096
MD5 | 91697f9020080e5254805aa5e5e1cc57
Chrome ClipboardWin::WriteBitmap Heap Buffer Overflow
Posted Feb 9, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap buffer overflow in ClipboardWin::WriteBitmap.

tags | exploit, overflow
advisories | CVE-2020-16025
MD5 | e662c8bbb6a52764c274f15d1f509097
Chrome SkBitmapOperations::UnPreMultiply Heap Buffer Overflow
Posted Feb 9, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap buffer overflow vulnerability in SkBitmapOperations::UnPreMultiply.

tags | exploit, overflow
advisories | CVE-2020-16024
MD5 | 32c9b241209db64702e60f06a67675c4
Apple CoreText libType1Scaler.dylib Out-Of-Bounds Write / Integer Overflow
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libType1Scaler.dylib suffers from a heap out-of-bounds write due to an integer overflow vulnerability in STOREWV othersubr.

tags | exploit, overflow
systems | apple
advisories | CVE-2020-27944
MD5 | b33deb9c9fd77bb9f85fcccf5c952979
Apple CoreText libFontParser.dylib Stack Corruption
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libFontParser.dylib suffers from a stack corruption vulnerability in the handling of /BlendDesignPositions Type 1 objects.

tags | exploit
systems | apple
advisories | CVE-2020-0938, CVE-2020-29624
MD5 | c178252e4ec3ca797a19785947f03896
Apple CoreText libType1Scaler.dylib Buffer Overflow
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libType1Scaler.dylib suffers from a heap buffer overflow vulnerability in the Counter Control Hints.

tags | exploit, overflow
systems | apple
advisories | CVE-2020-27943
MD5 | c4ea7a179bb02915471d29ae7a729d9e
Apple CoreText libType1Scaler.dylib Memory Disclosure
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libType1Scaler.dylib suffers from a memory disclosure vulnerability via an uninitialized transient array.

tags | exploit
systems | apple
advisories | CVE-2020-27946
MD5 | 58a55471b1e336a6f7a00a43543274c3