Files from Google Security Research

First Active: 2000-02-18
Last Active: 2022-01-24
WebKit DOMWindow::open Heap Use-After-Free
Posted Oct 14, 2021
Authored by Google Security Research, Glazvunov

WebKit suffers from a heap use-after-free vulnerability in DOMWindow::open.

tags | exploit
advisories | CVE-2021-30849
MD5 | fcb529386a430d5c97cf9addb3eafc75
WebKit EventHandler::keyEvent Heap Use-After-Free
Posted Oct 14, 2021
Authored by Google Security Research, Glazvunov

WebKit suffers from a heap use-after-free vulnerability in EventHandler::keyEvent.

tags | exploit
advisories | CVE-2021-30848
MD5 | 0f7868eaf28b9a9f6b987cd467e31156
WebKit PointerCaptureController::processPendingPointerCapture Heap Use-After-Free
Posted Oct 14, 2021
Authored by Google Security Research, Glazvunov

WebKit suffers from a heap use-after-free vulnerability in PointerCaptureController::processPendingPointerCapture.

tags | exploit
advisories | CVE-2021-30846
MD5 | 85982c0cc7c08c6c433738b10d8364c7
Chrome HRTFDatabaseLoader::WaitForLoaderThreadCompletion Data Race
Posted Sep 22, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a HRTFDatabaseLoader::WaitForLoaderThreadCompletion data race condition.

tags | exploit
advisories | CVE-2021-30603
MD5 | 0aaadc59ac484d75a50e47a84bef9a4b
Internet Explorer JIT Optimization Memory Corruption
Posted Sep 10, 2021
Authored by Ivan Fratric, Google Security Research

Internet Explorer suffers from an issue where incorrect JIT optimization in jscript9.dll leads to memory corruption.

tags | exploit
advisories | CVE-2021-34480
MD5 | cfe73c3966a4fda1a054c3bbf8b40ca9
WebKit Element::dispatchMouseEvent Heap Use-After-Free
Posted Aug 19, 2021
Authored by Google Security Research, Glazvunov

WebKit suffers from a heap use-after-free vulnerability in Element::dispatchMouseEvent.

tags | exploit
advisories | CVE-2021-30799
MD5 | 00ae9f727423a384d7b2d0f6cc4fee8d
JavaScriptCore Crash Proof Of Concept
Posted Aug 19, 2021
Authored by Ivan Fratric, Google Security Research

JavaScriptCore suffers from a crash condition due to an uninitialized register in slow_path_profile_catch. Proof of concept that affects Safari is included.

tags | exploit, proof of concept
advisories | CVE-2021-30797
MD5 | e71c83e4865ffd73fb78888a127c18ef
WebKit WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy Heap Use-After-Free
Posted Aug 19, 2021
Authored by Google Security Research, Glazvunov

WebKit suffers from a heap use-after-free vulnerability in WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy.

tags | exploit
advisories | CVE-2021-30795
MD5 | d78ada391f19ec5a1e1fe4607e66e169
Chrome JS WasmJs::InstallConditionalFeatures Object Corruption
Posted Aug 16, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a JS object corruption vulnerability in WasmJs::InstallConditionalFeatures.

tags | exploit
advisories | CVE-2021-30561
MD5 | 82306f20d8e71a874d0ad3ab78e2655a
Microsoft Windows Malicious Software Removal Tool Privilege Escalation
Posted Aug 9, 2021
Authored by James Forshaw, Google Security Research

The Microsoft Windows Malicious Software Removal Tool uses a temporary directory unsafely, which can lead to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2007-0843, CVE-2015-2418
MD5 | 5aed3041b0a73a2779b0e3f52d9274ad
Microsoft Exchange AD Schema Misconfiguration Privilege Escalation
Posted Jul 29, 2021
Authored by James Forshaw, Google Security Research

The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.

tags | exploit
advisories | CVE-2021-34470
MD5 | 5f885a87a9be3f10bfe9e9e4c08c923c
Microsoft Windows WFP Default Rules AppContainer Capability Bypass Privilege Escalation
Posted Jul 20, 2021
Authored by James Forshaw, Google Security Research

The default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities leading to elevation of privilege.

tags | exploit, tcp
MD5 | 37069deaf47980f1a4c39f62bc13ce25
Tor Half-Closed Connection Stream Confusion
Posted Jul 15, 2021
Authored by Jann Horn, Google Security Research

Tor's half-closed connection tracking ignores layer_hint. Because of this, entry and middle relays can spoof RELAY_END cells on half-closed streams, which can lead to stream confusion between the OP (client) and the exit.

tags | exploit, spoof
advisories | CVE-2021-34548
MD5 | e8e6c45ee71383e0832c1cb3f3a8c903
Microsoft Windows CreateProcessWithLogon Write Restricted Service Privilege Escalation
Posted Jul 14, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows has an issue where the CreateProcessWithLogon API can be used to escape a write-restricted service and obtain full write access as the service user.

tags | exploit
systems | windows
MD5 | 00f7a019dea4bf3a1d19442fae579890
XNU Network Stack Kernel Heap Overflow
Posted Jul 14, 2021
Authored by Google Security Research, ianbeer

XNU suffers from a network stack kernel heap overflow due to an out-of-bounds memmove in 6lowpan. Proof of concept code included.

tags | exploit, overflow, kernel, proof of concept
advisories | CVE-2020-9967, CVE-2021-30736
MD5 | 9333b7751aa7686ac0ca4c62a49c3d4e
MpEngine ASProtect Embedded Runtime DLL Memory Corruption
Posted Jul 8, 2021
Authored by Tavis Ormandy, Google Security Research

ASProtect embeds a runtime DLL that is susceptible to memory corruption. Crash testcase provided.

tags | exploit
advisories | CVE-2021-31985
MD5 | c5dfe0f9444bf0d36677505f5db2acdc
KVM nested_svm_vmrun Double Fetch
Posted Jun 30, 2021
Authored by Google Security Research, Felix Wilhelm

A KVM guest on AMD can launch an L2 guest without the Intercept VMRUN control bit set by exploiting a TOCTOU (double-fetch) vulnerability in nested_svm_vmrun. Executing vmrun from the L2 guest then triggers a second call to nested_svm_vmrun and corrupts svm->nested.hsave with data copied out of the L2 VMCB. For kernel versions that include the commit "2fcf4876: KVM: nSVM: implement on demand allocation of the nested state" (>=5.10), the guest can free the MSR permission bitmap in svm->nested.msrpm while it is still in use and gain unrestricted access to host MSRs.

tags | exploit, kernel
advisories | CVE-2021-29657
MD5 | 814987fd3e7902c83f77c7f4aa4a3585
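The double-fetch pattern described in this entry, as an added illustration that is not KVM's code and not the advisory's proof of concept: a host routine validates a control bit read from guest-writable memory and then re-reads that memory for use, next to a hardened version that copies the control block once and works only on the snapshot. The struct layout, the bit position and every name here are invented for the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a double fetch on guest-writable memory.
 * Not KVM code: struct layout, names and the bit position are invented. */

#define INTERCEPT_VMRUN (1u << 0)   /* invented: "intercept VMRUN" control bit */

/* Control block in memory the guest may write at any moment (like a VMCB). */
struct guest_ctrl {
    volatile uint32_t intercepts;
    volatile uint32_t payload;
};

/* Host-owned copy that must only ever contain validated data. */
struct host_state {
    uint32_t intercepts;
    uint32_t payload;
};

/* Stands in for a guest vCPU writing concurrently between two host reads. */
typedef void (*guest_hook_t)(struct guest_ctrl *g);

/* Constructed attacker behaviour: clear the intercept bit after the check. */
static void clear_intercept(struct guest_ctrl *g)
{
    g->intercepts &= ~INTERCEPT_VMRUN;
}

/* Vulnerable: fetch #1 is validated, fetch #2 is what actually gets used. */
int vmrun_double_fetch(struct guest_ctrl *g, guest_hook_t race,
                       struct host_state *out)
{
    if (!(g->intercepts & INTERCEPT_VMRUN))   /* fetch #1: check */
        return -1;                            /* refuse the launch */
    if (race)
        race(g);                              /* guest writes in the window */
    out->intercepts = g->intercepts;          /* fetch #2: used unchecked */
    out->payload    = g->payload;
    return 0;
}

/* Hardened: copy the guest block once, then check and use only the copy. */
int vmrun_single_fetch(struct guest_ctrl *g, guest_hook_t race,
                       struct host_state *out)
{
    struct host_state snap;
    snap.intercepts = g->intercepts;          /* the only fetch */
    snap.payload    = g->payload;
    if (race)
        race(g);                              /* later guest writes are irrelevant */
    if (!(snap.intercepts & INTERCEPT_VMRUN))
        return -1;
    *out = snap;
    return 0;
}

/* Runs the racing guest against one variant. Returns 1 when the host state
 * keeps the validated bit, 0 when it accepted a cleared bit, -1 if refused. */
int run_scenario(int hardened)
{
    struct guest_ctrl g = { INTERCEPT_VMRUN, 0x1234 };  /* constructed input */
    struct host_state h = { 0, 0 };
    int rc = hardened ? vmrun_single_fetch(&g, clear_intercept, &h)
                      : vmrun_double_fetch(&g, clear_intercept, &h);
    if (rc != 0)
        return -1;
    return (h.intercepts & INTERCEPT_VMRUN) ? 1 : 0;
}

int main(void)
{
    printf("double fetch: %d (0 = intercept bit lost after the check)\n",
           run_scenario(0));
    printf("single fetch: %d (1 = host state matches what was checked)\n",
           run_scenario(1));
    return 0;
}
```

The host's private copy is the whole defence: once the guest-controlled block has been copied, every check and every later use must refer to the copy, never back to the guest-writable memory. The entry's point is that host state derived from a second read (hsave contents, the msrpm in use) can diverge from what the first read validated.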
Microsoft Windows Filtering Platform Token Access Check Privilege Escalation
Posted Jun 23, 2021
Authored by James Forshaw, Google Security Research

The Windows Filtering Platform does not verify the token impersonation level when checking filters allowing the bypass of firewall rules leading to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2021-31970
MD5 | 982aa6db9c233f089f2999f0cd8711c3
Fedora / Gnome fscaps Issue
Posted Jun 22, 2021
Authored by Tavis Ormandy, Google Security Research

Fedora's Gnome packaging does not use file capabilities (fscaps) safely.

tags | exploit
systems | linux, fedora
MD5 | 137193ebd7236c05c0e162358341652e
Windows Kerberos AppContainer Enterprise Authentication Capability Bypass
Posted Jun 17, 2021
Authored by James Forshaw, Google Security Research

Windows Kerberos accepts a security buffer that sets the target SPN of a ticket, bypassing the SPN check in LSASS that enforces the AppContainer enterprise authentication capability.

tags | exploit
advisories | CVE-2021-26414, CVE-2021-31962
MD5 | 3ff870010a0eb4e32567d271f6a816ba
Samsung NPU npu_session_format Out-Of-Bounds Write
Posted Jun 17, 2021
Authored by Google Security Research, hawkes

Samsung NPU (Neural Processing Unit) suffers from an out-of-bounds write vulnerability in npu_session_format.

tags | exploit
advisories | CVE-2021-25407
MD5 | 1d07a468d88f6847215bbd10504dbcf2
ChromeOS arc-obb-mounter Missing Path Restriction
Posted Jun 14, 2021
Authored by Jann Horn, Google Security Research

ChromeOS suffers from a missing path restriction vulnerability in arc-obb-mounter.

tags | exploit
MD5 | d37b7a8eceb81455f4119e17205b9635
Chrome SandboxedUnpacker Unsafe Shared Memory Use
Posted Jun 14, 2021
Authored by Google Security Research, Mark Brand

SandboxedUnpacker in Chrome uses shared memory in an unsafe fashion.

tags | advisory
MD5 | c1b37408c40a92f21b1c5a084fa55b6c
Internet Explorer jscript9.dll Memory Corruption
Posted Jun 9, 2021
Authored by Ivan Fratric, Google Security Research

There is a vulnerability in jscript9 that could potentially be exploited to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-1380, CVE-2021-31959
MD5 | 7bf1477df1aec690e996f9ebbce9b10c
Chrome Legacy ipc::Message Passed Via Shared Memory
Posted Jun 4, 2021
Authored by Google Security Research, Mark Brand

In the Mojo implementation of Chrome's legacy IPC, the legacy ipc::Message type is transferred inside a BigBuffer, i.e. via shared memory.

tags | exploit
advisories | CVE-2021-21198
MD5 | 1875fce290dce6b3abaf92746666dafa

© 2020 Packet Storm. All rights reserved.