exploit the possibilities
Showing 1 - 25 of 1,572 RSS Feed

Files from Google Security Research

First Active2000-02-18
Last Active2021-02-26
Package Control Arbitrary File Write
Posted Feb 26, 2021
Authored by Google Security Research, Felix Wilhelm

Package Control suffers from an arbitrary file write vulnerability.

tags | exploit, arbitrary
MD5 | fc1001c8bbe8a7cae533f770aa149604
Microsoft DirectWrite fsg_ExecuteGlyph Buffer Overflow
Posted Feb 26, 2021
Authored by Google Security Research, mjurczyk

Microsoft DirectWrite suffers from a heap-based buffer overflow vulnerability in fsg_ExecuteGlyph while processing variable TTF fonts.

tags | exploit, overflow
advisories | CVE-2021-24093
MD5 | 2de67da6a3c68e4e7554e5dc2ee4743e
Chrome DataElement Out-Of-Bounds Read
Posted Feb 26, 2021
Authored by Google Security Research, Mark Brand

Chrome suffers from an out-of-bounds read vulnerability in network DataElement struct traits.

tags | exploit
advisories | CVE-2020-16041
MD5 | 73c96566e94e07ed3318c4a92b7a01b4
Microsoft Windows Server Silo Registry Key Symbolic Link Privilege Escalation
Posted Feb 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has a privilege escalation vulnerability. When a process is running in a server silo, the checks for trusted hive registry key symbolic links is disabled leading to elevation of privilege.

tags | exploit, registry
systems | windows
advisories | CVE-2021-24096
MD5 | 91697f9020080e5254805aa5e5e1cc57
Chrome ClipboardWin::WriteBitmap Heap Buffer Overflow
Posted Feb 9, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap buffer overflow in ClipboardWin::WriteBitmap.

tags | exploit, overflow
advisories | CVE-2020-16025
MD5 | e662c8bbb6a52764c274f15d1f509097
Chrome SkBitmapOperations::UnPreMultiply Heap Buffer Overflow
Posted Feb 9, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap buffer overflow vulnerability in SkBitmapOperations::UnPreMultiply.

tags | exploit, overflow
advisories | CVE-2020-16024
MD5 | 32c9b241209db64702e60f06a67675c4
Apple CoreText libType1Scaler.dylib Out-Of-Bounds Write / Integer Overflow
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libType1Scaler.dylib suffers from a heap out-of-bounds-write due to an integer overflow vulnerability in STOREWV othersubr.

tags | exploit, overflow
systems | apple
advisories | CVE-2020-27944
MD5 | b33deb9c9fd77bb9f85fcccf5c952979
Apple CoreText libFontParser.dylib Stack Corruption
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libFontParser.dylib suffers from a stack corruption vulnerability in the handling of /BlendDesignPositions Type 1 objects.

tags | exploit
systems | apple
advisories | CVE-2020-0938, CVE-2020-29624
MD5 | c178252e4ec3ca797a19785947f03896
Apple CoreText libType1Scaler.dylib Buffer Overflow
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libType1Scaler.dylib suffers from a heap buffer overflow vulnerability in the Counter Control Hints.

tags | exploit, overflow
systems | apple
advisories | CVE-2020-27943
MD5 | c4ea7a179bb02915471d29ae7a729d9e
Apple CoreText libType1Scaler.dylib Memory Disclosure
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libType1Scaler.dylib suffers from a memory disclosure vulnerability via an uninitialized transient array.

tags | exploit
systems | apple
advisories | CVE-2020-27946
MD5 | 58a55471b1e336a6f7a00a43543274c3
XNU Kernel Mach Message Trailers Memory Disclosure
Posted Feb 5, 2021
Authored by Google Security Research, ianbeer

The XNU kernel suffers from a memory disclosure vulnerability in mach message trailers.

tags | exploit, kernel
advisories | CVE-2020-27950
MD5 | fd485ea94f3d1c1a1348a97feddde88b
XNU Kernel Turnstiles Type Confusion
Posted Feb 5, 2021
Authored by Google Security Research, ianbeer

The XNU kernel suffers from a type confusion vulnerability in turnstiles.

tags | exploit, kernel
advisories | CVE-2020-27932
MD5 | a0391836c332c430261f0d75f705ed5a
Apple Safari Remote Code Execution
Posted Feb 5, 2021
Authored by Google Security Research, mjurczyk

Apple Safari is susceptible to a remote code execution vulnerability via an undefined othersubr in Type 1 fonts handled by libType1Scaler.dylib on macOS and iOS.

tags | exploit, remote, code execution
systems | apple, ios
advisories | CVE-2020-27930
MD5 | 46ada3aa4a5cf57b7f656c84696a56cc
GPG libgcrypt Heap Buffer Overflow
Posted Feb 1, 2021
Authored by Tavis Ormandy, Google Security Research

There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker controlled data and no verification or signature is validated before the vulnerability occurs.

tags | exploit, overflow
MD5 | 9a0ae509391275947c719943ee40c587
Glibc Character Conversion Assertion
Posted Jan 29, 2021
Authored by Tavis Ormandy, Google Security Research

If an application uses iconv() with an attacker specified character set, there's an assertion in the gconv buffer management code that can be triggered, crashing the application. The crash only occurs with ISO-2022-JP-3 encoding.

tags | advisory
MD5 | 95357505e4eb0edd827bee432e14e8e7
Node.js TLSWrap Use-After-Free
Posted Jan 5, 2021
Authored by Google Security Research, Felix Wilhelm

Node version 14.11.0 is vulnerable to a use-after-free bug in its TLS implementation.

tags | exploit
MD5 | 605c74b7f6ed00900884dafc459cf57e
Microsoft Windows splWOW64 Privilege Escalation
Posted Dec 23, 2020
Authored by Google Security Research, Maddie Stone

CVE-2020-0986, which was exploited in the wild, was not fixed. The vulnerability still exists, just the exploitation method had to change. A low integrity process can send LPC messages to splwow64.exe (Medium integrity) and gain a write-what-where primitive in splwow64’s memory space. The attacker controls the destination, the contents that are copied, and the number of bytes copied through a memcpy call.

tags | exploit
advisories | CVE-2020-0986, CVE-2020-17008
MD5 | 43653a72a19a4fb4ecc7c809b0ae1e68
usrsctp COOKIE-ECHO Use-After-Free
Posted Dec 23, 2020
Authored by Google Security Research, Tim Willis

usrsctp suffers from a use-after-free write when handling a malicious COOKIE-ECHO.

tags | exploit
MD5 | a155eaa93037f6e176e030160ef6c1d6
Linux TIOCSPGRP Broken Locking
Posted Dec 22, 2020
Authored by Jann Horn, Google Security Research

Linux suffers from broken locking in TIOCSPGRP that can lead to a corrupted refcount.

tags | exploit
systems | linux
advisories | CVE-2020-29661
MD5 | d37fdf0d783b8893341574d9756e44cb
macOS ImageIO Out-Of-Bounds Write
Posted Dec 16, 2020
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds write vulnerability when decoding a malformed PICT image on macOS. The vulnerability has been confirmed on the latest stable macOS version.

tags | exploit
advisories | CVE-2020-29611
MD5 | f62261f5660f9ced363ae4dabdfa325f
Qualcomm Adreno GPU PID Reuse Mapping Leak
Posted Dec 15, 2020
Authored by Google Security Research, hawkes

Qualcomm Adreno GPU PID reuse can lead to a shared mapping leak vulnerability.

tags | exploit
advisories | CVE-2020-11311
MD5 | 35acf4ac51c404442520651898879148
usrsctp HMAC Generation Out-Of-Bounds Access
Posted Dec 14, 2020
Authored by Google Security Research, Felix Wilhelm

usrsctp suffers from insecure HMAC generation that can lead to out-of-bounds access.

tags | exploit
MD5 | 60dae1b024aad137dbbc2e032f8413ac
usrsctp pending_reply_queue Out-Of-Bounds Access
Posted Dec 14, 2020
Authored by Google Security Research, Felix Wilhelm

usrsctp suffers from a usrsctp pending_reply_queue out-of-bounds access vulnerability.

tags | exploit
MD5 | fbfd1f9af88626326bb98128c859b372
Microsoft Windows WOF FSCTL_SET_REPARSE_POINT_EX Cached Signing Level Bypass
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows WOF filter driver does not correctly handle the reparse point setting which allows for an arbitrary file to be cached signed leading to a bypass of UMCI.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-17139
MD5 | 6ef17e92e2a41526202eea6e0a2e23cb
Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess Registry Key Creation / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess function allows a user to create arbitrary registry keys in the .DEFAULT users hive leading to elevation of privilege.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2020-17103
MD5 | 1dedadce5dfb6b98c3be28c5271c765b
Page 1 of 63
Back12345Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close