exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2016-10-29

Raptor WAF 0.3
Posted Oct 29, 2016
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

Changes: Various updates.
tags | tool, web, firewall, xss, sql injection
systems | unix
SHA-256 | e124a10f5e1cc12f366263958aeaf678bc45ef125e7d80430afc2808ac8cf4a5
NVIDIA 0x10000e9 Missing Bounds Check / Buffer Overflow
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The escape handler for 0x10000e9 lacks bounds checks, and passes a user specified size as the size to memcpy, resulting in a stack buffer overflow.

tags | exploit, overflow
advisories | CVE-2016-8807
SHA-256 | e764018c50128a89c728c3202c374cd2eee6b13beea7305fa6c32f6c0bab6212
NVIDIA 0x7000014 Missing Bounds Check / Buffer Overflow
Posted Oct 29, 2016
Authored by Google Security Research, ochang

There is a missing bounds check in inner loop of the escape handler for 0x7000014 that leads to a stack buffer overflow.

tags | exploit, overflow
advisories | CVE-2016-8805
SHA-256 | 6154ad3c9f831583ddc42198a12cfa12363713dc40cd3172b448eda799e5eae1
Gentoo Linux Security Advisory 201610-09
Posted Oct 29, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-9 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 54.0.2840.59 are affected.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137, CVE-2016-5138, CVE-2016-5139, CVE-2016-5140, CVE-2016-5141, CVE-2016-5142, CVE-2016-5143, CVE-2016-5144, CVE-2016-5145, CVE-2016-5146, CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154
SHA-256 | ad761228304f4fe9f8b6ce1842cf6603b66fd22ae641b2101ff84d93f1db9fcf
NVIDIA 0x70000d5 DxgkDdiEscape Handler Bounds Checking
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x70000d5 lacks bounds checks.

tags | exploit
advisories | CVE-2016-8808
SHA-256 | 217f80d673facc15accb636f625922543219ec6b5feb5df98734f4a373cb88c7
NVIDIA 0x7000170 DxgkDdiEscape Handler Bounds Checking
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x7000170 lacks proper bounds checks for the variable size input escape data, and relies on a user provided size as the upper bound for writing output.

tags | exploit
advisories | CVE-2016-8811
SHA-256 | 7290a345ac11921d719fab843f9ee44533b83cdd39e09fc45d06819460973000
NVIDIA 0x100009a DxgkDdiEscape Handler Bounds Checking
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for escape 0x100009a lacks proper bounds checks.

tags | exploit
advisories | CVE-2016-8810
SHA-256 | b14a13d1b77ffa3d060b707004362638f3c5ff6e048afd8cf77611c8cdde2d1a
NVIDIA NvStreamKms PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The NvStreamKms.sys driver calls PsSetCreateProcessNotifyRoutineEx to set up a process creation notification routine. wcscpy_s is used incorrectly here, as the second argument is not the size of |Dst|, but rather the calculated size of the filename. |Dst| is a stack buffer that is at least 255 characters long. The the maximum component paths of most filesystems on Windows have a limit that is <= 255 though, so this shouldn't be an issue on normal filesystems. However, one can pass UNC paths to CreateProcessW containing forward slashes as the path delimiter, which means that the extracted filename here can be "a/b/c/...", leading to a buffer overflow. Additionally, this function has no stack cookie.

tags | exploit, overflow
systems | windows
advisories | CVE-2016-8812
SHA-256 | d534aa5dbfaaf39a96770f8f3d77175a1058baafc21fe140187d747f2c80d76a
NVIDIA 0x5000027 DxgkDdiEscape Handler Write
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x5000027 accepts a user provided pointer, but does no checks on it before using it.

tags | exploit
advisories | CVE-2016-8806
SHA-256 | ad8c4174f1e08e6564d58aa2d42e1e83d8e014e6a4e5db8020415f6aba4ec946
NVIDIA 0x100010b Missing Bounds Check
Posted Oct 29, 2016
Authored by Google Security Research, ochang

NVIDIA suffers from a missing bounds check in escape 0x100010b.

tags | exploit
advisories | CVE-2016-7391
SHA-256 | 0ac6c7ff8137b4f4210690565bb24e9090b98312b19fb5b9f81228ab56b1211c
NVIDIA 0x70001b2 DxgkDdiEscape Handler Bounds Checking
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x70001b2 doesn't do proper bounds checks for its variable size input.

tags | exploit
advisories | CVE-2016-8809
SHA-256 | 3f0707279202aa000fc87188c9423545af5ea5238e8a0a0747d912d04badb09d
NVIDIA Unchedked Write
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x700010d accepts a user provided pointer as the destination for a memcpy call, without doing any checks on said pointer.

tags | exploit
advisories | CVE-2016-7385
SHA-256 | 00028040fc1696111b53b38186779858df513b4aa81a7ab2a7c1d708f6b717c5
NVIDIA 0x600000D Unchecked Write
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x600000D passes an unchecked user provided pointer as the destination for a memcpy call. This leads to kernel memory corruption.

tags | exploit, kernel
advisories | CVE-2016-7387
SHA-256 | 88df8868b62f20e6af812714d8f4fbc7c341957f6633b3258e0389967bc4db8e
Mac OS X 10.11.6 launchd Message Control
Posted Oct 29, 2016
Authored by Google Security Research, Ian Beer

A logic issue in launchd message requeuing allows arbitrary mach message control. Mac OS X version 10.11.6 is affected.

tags | advisory, arbitrary
systems | apple, osx
advisories | CVE-2016-4675
SHA-256 | 0c4a95bb9942e2aa50c7ff4c3ea1baae30e2d99475cd575f65c1e1f70c6285a5
NVIDIA Leaked ExAllocatePoolWithTag Memory
Posted Oct 29, 2016
Authored by Google Security Research, ochang

NVIDIA escape code leaks uninitialized ExAllocatePoolWithTag memory to userspace.

tags | exploit
advisories | CVE-2016-7386
SHA-256 | f708d6be27d7323b5b92bfefe4673bcc69a708dc90f8c96a6211dd65b7f7b009
Mac OS X / iOS mach_ports_register Memory Safety Issues
Posted Oct 29, 2016
Authored by Google Security Research, Ian Beer

Multiple memory safety issues exist in Mac OS X and iOS inside of mach_ports_register.

tags | exploit
systems | cisco, apple, osx, ios
advisories | CVE-2016-4669
SHA-256 | 164ada40109fdf8bff76ff09d76b270061f06289e2e74b857944849bdf5cb42e
NVIDIA UVMLiteController Unchecked Input / Output
Posted Oct 29, 2016
Authored by Google Security Research, ochang

NVIDIA's UVMLiteController ioctl handling in nvlddmkm.sys failed to provide proper length checking.

tags | exploit
advisories | CVE-2016-7384
SHA-256 | 35df092ce423d70fd6bbcf76399d366b6e2c33dd7474e617edb4a4aae54093e8
NVIDIA DxgkDdiEscape Memory Corruption
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x7000194 doesn't do bounds checking with the user provided lengths it receives. When these lengths are passed to memcpy, overreads and memory corruption can occur.

tags | exploit
advisories | CVE-2016-7390
SHA-256 | fe4199c90270a4da962ed45b45ddf04bfdf0f113751182e41c3f39b735a8f2c9
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close