exploit the possibilities
Showing 76 - 100 of 1,404 RSS Feed

Files from Google Security Research

First Active2000-02-18
Last Active2019-09-16
Spidermonkey IonMonkey Incorrect Prediction
Posted Jun 25, 2019
Authored by saelo, Google Security Research

Spidermonkey IonMonkey incorrectly predicts return type of Array.prototype.pop, leading to type confusion vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2019-11707
MD5 | b9cfb835c09f9ff2359a0ac43fb9d908
Microsoft Windows Font Cache Service Insecure Sections
Posted Jun 24, 2019
Authored by James Forshaw, Google Security Research

The Windows Font Cache Service exposes section objects insecurely to low privileged users resulting in elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2019-0755
MD5 | 44c606ddd4aece1d53887c9140628a82
Microsoft Windows CmpAddRemoveContainerToCLFSLog Arbitrary File / Directory Creation
Posted Jun 24, 2019
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a CmpAddRemoveContainerToCLFSLog arbitrary file and directory creation vulnerability that allows for elevation of privilege.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2019-0755
MD5 | d2b73dca2b8642efcc867ea985e64304
Linux Race Condition Use-After-Free
Posted Jun 20, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from a use-after-free via a race condition between modify_ldt() and #BR exception.

tags | exploit
systems | linux
MD5 | bde5e2b4c6bf6932f0057efcb1d79bac
SymCrypt Infinite Loop
Posted Jun 12, 2019
Authored by Tavis Ormandy, Google Security Research

There's a bug in the SymCrypt multi-precision arithmetic routines that can cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric.

tags | exploit
MD5 | 90963ad9f841cc0101c717a81a229464
Google Chrome WasmMemoryObject::Grow Use-After-Free
Posted Jun 4, 2019
Authored by Google Security Research, Glazvunov

Google Chrome suffers from a use-after-free vulnerability in WasmMemoryObject::Grow.

tags | exploit
MD5 | 1b54f37104a497f36e7e8fd202605c1b
Qualcomm Android Kernel Use-After-Free
Posted May 29, 2019
Authored by Jann Horn, Google Security Research

The Qualcomm Android kernel suffers from a use-after-free vulnerability via an incorrect set_page_dirty() in KGSL.

tags | exploit, kernel
advisories | CVE-2019-10529
MD5 | 934ee0432bced903b9c092168a681f86
Spidermonkey IonMonkey JS_OPTIMIZED_OUT Value Leak
Posted May 28, 2019
Authored by saelo, Google Security Research

Spidermonkey IonMonkey can, during a bailout, leak an internal JS_OPTIMIZED_OUT magic value to the running script. This magic value can then be used to achieve memory corruption.

tags | exploit
advisories | CVE-2019-9792
MD5 | f548194e2e5ce1c18bacbf389f666b48
JavaScript V8 Turbofan Out-Of-Bounds Read
Posted May 28, 2019
Authored by saelo, Google Security Research

JavaScript V8 Turbofan may read a Map pointer out-of-bounds when optimizing Reflect.construct.

tags | advisory, javascript
MD5 | 36998fe03e21e2360e63455dcd1824ed
Spidermonkey IonMonkey Unsafe Code Execution
Posted May 28, 2019
Authored by saelo, Google Security Research

Spidermonkey IonMonkey suffers from an issue where an unexpected ObjectGroup in the ObjectGroupDispatch operation might lead to potentially unsafe code being executed.

tags | advisory
advisories | CVE-2019-9816
MD5 | 9fd40f0341879df02a9860af01e711aa
XNU Stale Pointer Use-After-Free
Posted May 21, 2019
Authored by Google Security Research, nedwill

XNU suffers from a use-after-free vulnerability due to a stale pointer left by in6_pcbdetach.

tags | exploit
advisories | CVE-2019-8605
MD5 | a4597bf5b2e139422599f9470288ee0a
Visual Voicemail For iPhone IMAP NAMESPACE Use-After-Free
Posted May 21, 2019
Authored by Google Security Research, natashenka

Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.

tags | exploit, imap
systems | apple, iphone
advisories | CVE-2019-8613
MD5 | ee209f50afa19dc15f5533506c05c21c
JSC DFG Incorrect Decision On Behavior
Posted May 21, 2019
Authored by saelo, Google Security Research

JSC DFG's doesGC() is incorrect about the HasIndexedProperty operation's behavior on StringObjects.

tags | advisory
advisories | CVE-2019-8622
MD5 | 447815ba563e6a4e43af5179de5f3476
XNU stf_ioctl Bad Cast
Posted May 21, 2019
Authored by Google Security Research, nedwill

XNU suffers from a wild-read (and possible corruption) due to bad cast in stf_ioctl.

tags | exploit
advisories | CVE-2019-8591
MD5 | 82933fea5ae121113514f59c5ffb704c
Microsoft Windows CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration
Posted May 21, 2019
Authored by James Forshaw, Google Security Research

The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.

tags | exploit, arbitrary, kernel, registry
systems | windows
advisories | CVE-2019-0881
MD5 | b9ac41d7a345cbb537b2a935197cf91b
JavaScriptCore LICM Uninitialized Stack Variable
Posted May 21, 2019
Authored by saelo, Google Security Research

JavaScriptCore loop-invariant code motion (LICM) in DFG JIT leaves a stack variable uninitialized.

tags | exploit
advisories | CVE-2019-8623
MD5 | e3d6af3254ffc8f7e66b61e4895a6d8a
JavaScriptCore AIR Optimization Incorrectly Removes Assignment To Register
Posted May 21, 2019
Authored by saelo, Google Security Research

JavaScriptCore AIR optimization incorrectly removes assignment to register.

tags | advisory
advisories | CVE-2019-8611
MD5 | fbb7e0f88cf0da1880e1e46b1ff5975a
Chrome V8 Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Failed Check
Posted May 10, 2019
Authored by saelo, Google Security Research

Chrome V8 has an issue where JSCallReducer::ReduceArrayIndexOfIncludes in turbofan fails to insert Map checks.

tags | exploit
MD5 | c3cedb648ac563ef9c4a151be439bf86
Linux Missing Lockdown
Posted Apr 29, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from a missing locking between ELF coredump code and userfaultfd VMA modification.

tags | exploit
systems | linux
advisories | CVE-2019-11599
MD5 | 6e83b659aeebd1f611e769f9fff5b64b
systemd DynamicUser SetUID Binary Creation
Posted Apr 25, 2019
Authored by Jann Horn, Google Security Research

This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of the service. This bug probably has relatively low severity, given that there are not many services yet that use DynamicUser, and the requirement of collaboration with another process limits the circumstances in which it would be useful to an attacker further; but in a system that makes heavy use of DynamicUser, it would probably have impact.

tags | exploit
advisories | CVE-2019-3844
MD5 | cb138590286ec36c3796f89c3e18cff6
Chrome NewFixedDoubleArray Integer Overflow
Posted Apr 24, 2019
Authored by Google Security Research, Glazvunov

Chrome suffers from an integer overflow vulnerability in NewFixedDoubleArray.

tags | exploit, overflow
MD5 | b26427448c9bb392f1787ea07e216e0a
VirtualBox COM RPC Interface Code Injection / Privilege Escalation
Posted Apr 24, 2019
Authored by James Forshaw, Google Security Research

The hardened VirtualBox process on a Windows host does not secure its COM interface leading to arbitrary code injection and elevation of privilege.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2017-10204
MD5 | d89a703071dfda548e916560bbdf3ffe
Linux Siemens R3964 Line Discipline Missing Lock
Posted Apr 23, 2019
Authored by Jann Horn, Google Security Research

The Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked list with zero locking. This code is reachable by an unprivileged user if the line discipline is enabled in the kernel config; Ubuntu 18.04, for example, ships this line discipline as a module.

tags | exploit, kernel
systems | linux, ubuntu
MD5 | 1820caa252c106e5cc11b80e59c7e65c
Linux Overflow Via FUSE
Posted Apr 23, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from a page->_refcount overflow via FUSE with ~140GiB RAM usage.

tags | exploit, overflow
systems | linux
MD5 | 47cf01f1d9bc811d111aac20bfd03627
systemd Seat Verification Active Session Spoofing
Posted Apr 23, 2019
Authored by Jann Horn, Google Security Research

systemd suffers from a lack of seat verification in the PAM module and in turn permits the spoofing of an active session to polkit.

tags | exploit, spoof
advisories | CVE-2019-3842
MD5 | da7d4cd8a891ee21f0b9d4c6fec61329
Page 4 of 57
Back23456Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    10 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close