Showing 101 - 125 of 1,649

Files from Google Security Research

First Active: 2000-02-18
Last Active: 2022-01-24
Microsoft Windows WOF FSCTL_SET_REPARSE_POINT_EX Cached Signing Level Bypass
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows WOF filter driver does not correctly handle the reparse point setting which allows for an arbitrary file to be cached signed leading to a bypass of UMCI.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-17139
MD5 | 6ef17e92e2a41526202eea6e0a2e23cb
Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess Registry Key Creation / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess function allows a user to create arbitrary registry keys in the .DEFAULT users hive leading to elevation of privilege.

tags | exploit, arbitrary, registry
systems | windows
advisories | CVE-2020-17103
MD5 | 1dedadce5dfb6b98c3be28c5271c765b
Microsoft Windows Cloud Filter HsmpAccessCheck Bypass / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter access check does not take into account restrictions such as Mandatory Labels allowing a user to bypass security checks.

tags | exploit
systems | windows
advisories | CVE-2020-17134
MD5 | 294319a3f3e1683a3a6a445f71aca87b
Microsoft Windows Cloud Filter Arbitrary File Creation / Privilege Escalation
Posted Dec 9, 2020
Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter driver can be abused to create arbitrary files and directories leading to elevation of privilege.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-17136
MD5 | f7cc7661ed092a8d29bb9c6c8f666a6e
Facebook Messenger For Android Forced Answer
Posted Dec 7, 2020
Authored by Google Security Research, natashenka

Facebook Messenger for Android has an issue where an SdpUpdate message can cause an audio call to connect before the callee has answered the call.

tags | exploit
MD5 | 996b474ac139e5a7edba39345522d390
Linux io_uring SUID Boundary Access Violation
Posted Dec 7, 2020
Authored by Jann Horn, Google Security Research

Linux io_uring suffers from mm and files access across suid binaries.

tags | exploit
systems | linux
MD5 | 637f9c04457efc1d0b80725cfac4b5ef
Google Duo Race Condition
Posted Dec 7, 2020
Authored by Google Security Research, natashenka

A race condition in Google Duo can cause the callee to leak video packets from an unanswered call.

tags | exploit
MD5 | 70b2888d42fb8b4c3cf655a4aa27eb48
Apache 2 HTTP2 Module Concurrent Pool Usage
Posted Dec 7, 2020
Authored by Google Security Research, Felix Wilhelm

Apache 2 suffers from an issue with concurrent pool usage in the http2 module.

tags | advisory
advisories | CVE-2020-11993
MD5 | 8e2f6c32f5529339e29797af43253dee
Apache 2.4.43 mod_http2 Memory Corruption
Posted Dec 7, 2020
Authored by Google Security Research, Felix Wilhelm

Apache 2 suffers from a memory corruption vulnerability in the mod_http2 push diary implementation.

tags | exploit
advisories | CVE-2020-9490
MD5 | 8368f936e5103096fbffcf0dc212a89e
Microsoft Windows WindowsCodecsRaw!CCanonRawImageRep::GetNamedWhiteBalances Out-Of-Bounds Read
Posted Nov 13, 2020
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds read vulnerability in WindowsCodecsRaw.dll while processing a malformed Canon raw image. This can potentially lead to disclosing the memory of the affected process. All applications that use Windows Image Codecs for image parsing are potentially affected. The vulnerability has been confirmed on Windows 10 v2004 with the most recent patches applied.

tags | advisory
systems | windows
advisories | CVE-2020-17113
MD5 | 1ea2260b2783f8f68dc9be4f978b3561
Microsoft Windows Local Spooler Bypass
Posted Nov 11, 2020
Authored by James Forshaw, Google Security Research

Microsoft Windows suffers from a local spooler bypass vulnerability.

tags | exploit, local, bypass
systems | windows
advisories | CVE-2020-1337, CVE-2020-17001
MD5 | 3f3c10cd2d2b0c404a73cddec7d03575
Chrome ConvertToJavaBitmap Heap Buffer Overflow
Posted Nov 9, 2020
Authored by Google Security Research, Glazvunov

Chrome on Android suffers from a ConvertToJavaBitmap heap buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2020-16011
MD5 | c8867dbfed920c86be64013795e08eb9
Chrome V8 Turbofan Type Confusion
Posted Nov 9, 2020
Authored by saelo, Google Security Research

Turbofan fails to deoptimize code after map deprecation, leading to a type confusion vulnerability.

tags | exploit
advisories | CVE-2020-16009
MD5 | 8d2abc7a60f64a99e0af818daab042a7
GitHub Widespread Injection
Posted Nov 3, 2020
Authored by Google Security Research, Felix Wilhelm

GitHub Actions supports a feature called workflow commands that is susceptible to widespread code injection vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2020-15228
MD5 | ed0cc8399b9664318e4cac10f05729b5
Microsoft Windows Kernel cng.sys Buffer Overflow
Posted Oct 30, 2020
Authored by Mateusz Jurczyk, Google Security Research, hawkes

The Microsoft Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape).

tags | exploit, kernel
systems | windows
advisories | CVE-2020-17087
MD5 | 6e04f989132d4f0fcd1f22d984a8aedf
FreeType Load_SBit_Png Heap Buffer Overflow
Posted Oct 28, 2020
Authored by Google Security Research, Glazvunov

FreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png.

tags | exploit, overflow
advisories | CVE-2020-15999
MD5 | 486d3f9f9d645b3bc7af767d7f2dd9cd
Chrome USB::OnServiceConnectionError Use-After-Free
Posted Oct 19, 2020
Authored by Google Security Research, Glazvunov

Chrome suffers from a use-after-free vulnerability in USB::OnServiceConnectionError.

tags | exploit
advisories | CVE-2020-6541
MD5 | 5edb5820b7d1b2c0f59e318c98fb4d0b
Chrome WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList Use-After-Free
Posted Oct 19, 2020
Authored by Google Security Research, Glazvunov

Chrome suffers from a use-after-free vulnerability in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList.

tags | exploit
advisories | CVE-2020-6550
MD5 | 411e2d70af0ac966392cea6e525962e3
Mocha For Android Audio Interception
Posted Oct 19, 2020
Authored by Google Security Research, natashenka

Mocha for Android suffers from an issue where a call can cause the callee device to send audio without user interaction.

tags | exploit
MD5 | 772edab5551c467389bb2fea0c6d8a2f
Chrome XRSystem::FocusedFrameChanged and FocusController::NotifyFocusChangedObservers Use-After-Free
Posted Oct 19, 2020
Authored by Google Security Research, Glazvunov

Chrome suffers from a use-after-free vulnerability in XRSystem::FocusedFrameChanged and FocusController::NotifyFocusChangedObservers.

tags | exploit
advisories | CVE-2020-6551
MD5 | 62c2c4c58b3d2bdb3596a004e37edb33
Chrome MediaElementEventListener::UpdateSources Use-After-Free
Posted Oct 14, 2020
Authored by Google Security Research, Glazvunov

Chrome suffers from a MediaElementEventListener::UpdateSources use-after-free vulnerability.

tags | exploit
advisories | CVE-2020-6549
MD5 | b3898822e20bcb41c1fa9b902ee4ea6d
Kubernetes AWS IAM Integration Issues
Posted Oct 13, 2020
Authored by Google Security Research, Felix Wilhelm

Kubernetes has multiple issues in aws-iam-authenticator where lax controls can lead to a lower security posture.

tags | advisory
MD5 | 0efac33980805dcdab8d64773d7981d5
JioChat For Android Audio Sniffing
Posted Oct 12, 2020
Authored by Google Security Research, natashenka

JioChat for Android has an issue where a caller can cause the callee device to send audio without user interaction.

tags | exploit
MD5 | 45419de88ff2e72571dce00f61068438
HashiCorp Vault GCP IAM Integration Authentication Bypass
Posted Oct 6, 2020
Authored by Google Security Research, Felix Wilhelm

HashiCorp Vault's GCP authentication method can be bypassed on gce type roles that do not specify bound_service_accounts. Vault does not enforce that the compute_engine data in a signed JWT token has any relationship to the service account that created the token. This makes it possible to impersonate arbitrary GCE instances by creating a JWT token with a faked compute_engine struct, using an arbitrary attacker-controlled service account.

tags | exploit, arbitrary
advisories | CVE-2020-16251
MD5 | 7b83f776aff7e235a44aa2d4f4125bb8
HashiCorp Vault AWS IAM Integration Authentication Bypass
Posted Oct 6, 2020
Authored by Google Security Research, Felix Wilhelm

HashiCorp Vault's AWS IAM authentication method can be bypassed by sending a serialized request to the STS AssumeRoleWithWebIdentity method as part of the authentication flow. The request triggers a JSON-encoded response from the STS server, which can contain a fully attacker-controlled fake GetCallerIdentityResponse as part of its body. As the Vault response parser ignores non-XML content before and after the malicious response, this can be used to spoof arbitrary AWS identities and roles.

tags | exploit, arbitrary, spoof
advisories | CVE-2020-16250
MD5 | c2e3c92a813a0ec7ee985df9b624b079
Page 5 of 66