Files Date: 2016-10-29

Raptor WAF 0.3
Posted Oct 29, 2016
Authored by coolervoid

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

Changes: Various updates.
tags | tool, web, firewall, xss, sql injection
systems | unix
MD5 | 87d196c47aca069695c52326ee603c92

NVIDIA 0x10000e9 Missing Bounds Check / Buffer Overflow
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The escape handler for 0x10000e9 lacks bounds checks, and passes a user specified size as the size to memcpy, resulting in a stack buffer overflow.

tags | exploit, overflow
advisories | CVE-2016-8807
MD5 | 43c3d30357d37d13324822daed5034d2

NVIDIA 0x7000014 Missing Bounds Check / Buffer Overflow
Posted Oct 29, 2016
Authored by Google Security Research, ochang

There is a missing bounds check in the inner loop of the escape handler for 0x7000014 that leads to a stack buffer overflow.

tags | exploit, overflow
advisories | CVE-2016-8805
MD5 | cdc91715dbd034bbd323f9e41e1302a8

Gentoo Linux Security Advisory 201610-09
Posted Oct 29, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-9 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 54.0.2840.59 are affected.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137, CVE-2016-5138, CVE-2016-5139, CVE-2016-5140, CVE-2016-5141, CVE-2016-5142, CVE-2016-5143, CVE-2016-5144, CVE-2016-5145, CVE-2016-5146, CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154
MD5 | 8ce6136d34a7ae20b1bde0370c1687b2

NVIDIA 0x70000d5 DxgkDdiEscape Handler Bounds Checking
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x70000d5 lacks bounds checks.

tags | exploit
advisories | CVE-2016-8808
MD5 | 8f8be65fdea44b7c7e260b2a5e758c24

NVIDIA 0x7000170 DxgkDdiEscape Handler Bounds Checking
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x7000170 lacks proper bounds checks for the variable size input escape data, and relies on a user provided size as the upper bound for writing output.

tags | exploit
advisories | CVE-2016-8811
MD5 | 3e04d2cf8e88368c755f4bde0182a8dc

NVIDIA 0x100009a DxgkDdiEscape Handler Bounds Checking
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for escape 0x100009a lacks proper bounds checks.

tags | exploit
advisories | CVE-2016-8810
MD5 | e8d89d9d4a1d2fa773fb331d8a198dd1

NVIDIA NvStreamKms PsSetCreateProcessNotifyRoutineEx Stack Buffer Overflow
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The NvStreamKms.sys driver calls PsSetCreateProcessNotifyRoutineEx to set up a process creation notification routine. wcscpy_s is used incorrectly here, as the second argument is not the size of |Dst|, but rather the calculated size of the filename. |Dst| is a stack buffer that is at least 255 characters long. The maximum path component length of most filesystems on Windows is <= 255 though, so this shouldn't be an issue on normal filesystems. However, one can pass UNC paths to CreateProcessW containing forward slashes as the path delimiter, which means that the extracted filename here can be "a/b/c/...", leading to a buffer overflow. Additionally, this function has no stack cookie.

tags | exploit, overflow
systems | windows
advisories | CVE-2016-8812
MD5 | ad73e3e418059745e7f4fd82b7002bc9

NVIDIA 0x5000027 DxgkDdiEscape Handler Write
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x5000027 accepts a user provided pointer, but does no checks on it before using it.

tags | exploit
advisories | CVE-2016-8806
MD5 | 8cceb6965eb77154eb5807f6eb7cb1b4

NVIDIA 0x100010b Missing Bounds Check
Posted Oct 29, 2016
Authored by Google Security Research, ochang

NVIDIA suffers from a missing bounds check in escape 0x100010b.

tags | exploit
advisories | CVE-2016-7391
MD5 | bfd7669639c6713871e40b8f2b0f5a6a

NVIDIA 0x70001b2 DxgkDdiEscape Handler Bounds Checking
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x70001b2 doesn't do proper bounds checks for its variable size input.

tags | exploit
advisories | CVE-2016-8809
MD5 | 055d6f328123d92757b289cd49e66bdc

NVIDIA Unchecked Write
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x700010d accepts a user provided pointer as the destination for a memcpy call, without doing any checks on said pointer.

tags | exploit
advisories | CVE-2016-7385
MD5 | a77f10fb2d5e99892d7fe4bb791b7383

NVIDIA 0x600000D Unchecked Write
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x600000D passes an unchecked user provided pointer as the destination for a memcpy call. This leads to kernel memory corruption.

tags | exploit, kernel
advisories | CVE-2016-7387
MD5 | 4816e616ba439aebaa2a3bf1e335c54b

Mac OS X 10.11.6 launchd Message Control
Posted Oct 29, 2016
Authored by Google Security Research, ianbeer

A logic issue in launchd message requeuing allows arbitrary mach message control. Mac OS X version 10.11.6 is affected.

tags | advisory, arbitrary
systems | apple, osx
advisories | CVE-2016-4675
MD5 | 535e9aa8ea1d3f66f7673b23668db025

NVIDIA Leaked ExAllocatePoolWithTag Memory
Posted Oct 29, 2016
Authored by Google Security Research, ochang

NVIDIA escape code leaks uninitialized ExAllocatePoolWithTag memory to userspace.

tags | exploit
advisories | CVE-2016-7386
MD5 | 7c140e709fec744a811740741ca7b19d

Mac OS X / iOS mach_ports_register Memory Safety Issues
Posted Oct 29, 2016
Authored by Google Security Research, ianbeer

Multiple memory safety issues exist in Mac OS X and iOS inside of mach_ports_register.

tags | exploit
systems | cisco, apple, osx, ios
advisories | CVE-2016-4669
MD5 | f07634e9d84bf8ba6bb3b4515e3d8ada

NVIDIA UVMLiteController Unchecked Input / Output
Posted Oct 29, 2016
Authored by Google Security Research, ochang

NVIDIA's UVMLiteController ioctl handling in nvlddmkm.sys failed to provide proper length checking.

tags | exploit
advisories | CVE-2016-7384
MD5 | 23288e3c5e4b61cef92f3bbbaee8808e

NVIDIA DxgkDdiEscape Memory Corruption
Posted Oct 29, 2016
Authored by Google Security Research, ochang

The DxgkDdiEscape handler for 0x7000194 doesn't do bounds checking with the user provided lengths it receives. When these lengths are passed to memcpy, overreads and memory corruption can occur.

tags | exploit
advisories | CVE-2016-7390
MD5 | 8603473d93abfe078901fb5316441f3e