
Files Date: 2020-02-07

usersctp sctp_load_addresses_from_init Out-Of-Bounds Read
Posted Feb 7, 2020
Authored by Google Security Research, natashenka

usersctp is an SCTP library used by a variety of software, including WebRTC. There is a vulnerability in the sctp_load_addresses_from_init function of usersctp that can lead to a number of out-of-bounds reads. The input to sctp_load_addresses_from_init is verified by calling sctp_arethere_unrecognized_parameters; however, the two functions handle parameter bounds differently. sctp_arethere_unrecognized_parameters does not process a parameter that is partially outside the limit of the chunk, whereas sctp_load_addresses_from_init continues processing until it reaches a parameter that is entirely outside the chunk. This means that the last parameter of a chunk is not always verified, so parameters with very short plen values can be processed by sctp_load_addresses_from_init. This can lead to out-of-bounds reads whenever the plen is subtracted from the header len.

tags | exploit
SHA-256 | 97c80f0acd4440a67c9cef234fa02985f9feafd4eb0418feb0ed3a434ae21930

macOS/iOS IOAccelCommandQueue2::processSegmentKernelCommand() Out-Of-Bounds Timestamp Write
Posted Feb 7, 2020
Authored by Google Security Research, bazad

macOS and iOS suffer from an out-of-bounds timestamp write in IOAccelCommandQueue2::processSegmentKernelCommand().

tags | exploit
systems | ios
advisories | CVE-2020-3837
SHA-256 | 44d1c9f9c03139e137baf5a1b9455bae2035ef2354655800e429870317e03d58

macOS/iOS ImageIO PVR Processing Out-Of-Bounds Read
Posted Feb 7, 2020
Authored by saelo, Google Security Research

macOS and iOS suffer from an ImageIO out-of-bounds read when processing PVR images.

tags | exploit
systems | ios
advisories | CVE-2020-3878
SHA-256 | f6b6615ff3c10615db4544403efd534d79c5bca32c67cc20611c861580487992

macOS/iOS ImageIO PVR Image Processing Heap Corruption
Posted Feb 7, 2020
Authored by saelo, Google Security Research

macOS and iOS have an ImageIO heap corruption issue when processing malformed PVR images.

tags | exploit
systems | ios
advisories | CVE-2020-3878
SHA-256 | 546388d4bf46530e3c77204e301afd8ecd6eddfbb73e6073087f364fa8d6d25b

systemd-machined Incorrect Reference Decrement
Posted Feb 7, 2020
Authored by Tavis Ormandy, Google Security Research

systemd has an issue in systemd-machined where it decrements the reference count when references are still held.

tags | exploit
SHA-256 | 61c6cbf275014763c6c3968d740672023ca6b09cb865c03cf57eb22ce22304c9

XNU IOUserClient::_sendAsyncResult64() ipc_port Pointer Disclosure
Posted Feb 7, 2020
Authored by Google Security Research, bazad

The XNU function IOUserClient::_sendAsyncResult64() discloses the address of the ipc_port to which the notification is sent in the Mach message enqueued on the notification port.

tags | exploit
advisories | CVE-2020-3836
SHA-256 | 1cba10482a4515fe180660f8993986da772e8592cc84ee4824062959ab67fb0e

macOS/iOS XNU mk_timer_create_trap() Race Condition
Posted Feb 7, 2020
Authored by Google Security Research, bazad

macOS and iOS suffer from a race condition in XNU's mk_timer_create_trap() that can lead to type confusion.

tags | exploit
systems | ios
advisories | CVE-2020-3853
SHA-256 | d1bfcbb0f7141fd12ac902ba274b00d9b3331a6891c61615250c4fbba3b53358

libx264 H264 Conversion Out-Of-Bounds Write
Posted Feb 7, 2020
Authored by Google Security Research, natashenka

libx264 suffers from an out-of-bounds write when converting to H264.

tags | exploit
SHA-256 | 111be6fbb98fc110e6e2b2c9221c300e8a2b5fde3c040bd6803fb5b1d6f39185

macOS ImageIO JPEG Out-Of-Bounds Write
Posted Feb 7, 2020
Authored by saelo, Google Security Research

ImageIO on macOS suffers from an issue where a heap out-of-bounds write occurs when processing JPEG images.

tags | exploit
advisories | CVE-2020-3827, CVE-2020-3870
SHA-256 | 0fded68d208fd526884efcafbf5ad255a269c1c26776d09f5cb316dd3ee8dc96

macOS/iOS kern_stack_snapshot_internal() Userspace Share Issue
Posted Feb 7, 2020
Authored by Google Security Research, bazad

macOS and iOS suffer from an issue where kern_stack_snapshot_internal() shares non-zeroed kernel pages with userspace.

tags | exploit, kernel
systems | ios
advisories | CVE-2020-3875
SHA-256 | 52d0584bd42acc20df7ff47526fc6df9ba5e929c135b31cd786f0169c97c85f9

macOS/iOS ImageIO DDS Image Out-Of-Bounds Read
Posted Feb 7, 2020
Authored by saelo, Google Security Research

macOS and iOS suffer from an out-of-bounds read when processing DDS images with ImageIO.

tags | exploit
systems | ios
advisories | CVE-2020-3826
SHA-256 | 2a3ee9088ec7bc67462b2f166cd760628181995daea86c0601cdd51c7b7d773f

Ricoh Driver Privilege Escalation
Posted Feb 7, 2020
Authored by Shelby Pace, Alexander Pudwill, Pentagrid AG | Site metasploit.com

This Metasploit module leverages the prnmngr.vbs script to add and delete printers. Multiple runs of this module may be required given successful exploitation is time-sensitive.

tags | exploit
advisories | CVE-2019-19363
SHA-256 | 7c9e552f55f234acffef8a364bb1a7d1ff7a39989cb75b1ba2f3f44e92de5981

D-Link ssdpcgi Unauthenticated Remote Command Execution
Posted Feb 7, 2020
Authored by secenv, s1kr10s | Site metasploit.com

This Metasploit module exploits an ssdpcgi remote command execution vulnerability in D-Link devices.

tags | exploit, remote
advisories | CVE-2019-20215
SHA-256 | ed07a259961db246757dad8786ea4ac6379a39234cdb6aa11f129b8ba5516a52

OpenSMTPD MAIL FROM Remote Code Execution
Posted Feb 7, 2020
Authored by wvu, Qualys Security Advisory | Site metasploit.com

This Metasploit module exploits a command injection in the MAIL FROM field during SMTP interaction with OpenSMTPD to execute code as the root user.

tags | exploit, root
advisories | CVE-2020-7247
SHA-256 | 57c3324e249d1cbd264a76ba4f846f6f97ae95eb20be6fe751558e8ce2444825

BSides Brussels 2020 Call For Papers
Posted Feb 7, 2020
Authored by BSides Brussels | Site bsidesbrussels.org

BSides Brussels is a security conference in Brussels, Belgium, with talks, workshops and villages. The goal is to strengthen the exchange of knowledge, cooperation, communication, and integration between the different actors active in the IT security industry. We are pleased to announce that the first edition of BSides Brussels will be held on May 28th, 2020.

tags | paper, conference
SHA-256 | 70ec5121b12f3f6e3c4d81c8f93e5158f7bd1db2576a92cb2d7bb02056a7432b

Ubuntu Security Notice USN-4250-2
Posted Feb 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4250-2 - It was discovered that an unspecified vulnerability existed in the C API component of MariaDB. An attacker could use this to cause a denial of service for MariaDB clients. MariaDB has been updated to 10.3.22 in Ubuntu 19.10 and 10.1.44 in Ubuntu 18.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-2574
SHA-256 | 6b8e440ea922453b860f4f7db416d460177e61cdc056ccfbbe9693cb05a3d49e

Ubuntu Security Notice USN-4273-1
Posted Feb 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4273-1 - It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-17626
SHA-256 | bad180856bc63db5dab197afb4d12b2798eb8c1c0257675a444f65500cfada1f

Ubuntu Security Notice USN-4272-1
Posted Feb 7, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4272-1 - It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Pillow incorrectly handled certain TIFF images. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 19.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-16865, CVE-2020-5310, CVE-2020-5311, CVE-2020-5312, CVE-2020-5313
SHA-256 | a2d877c631b714e8902eee8ea0e5823efaabf23295ff8d2d0460d5627d440e10

UFONet 1.4
Posted Feb 7, 2020
Authored by psy | Site ufonet.03c8.net

UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Changes: Ported to Python 3.x. Various bug fixing and updates. Various other updates.
tags | tool, web, denial of service, spoof
systems | unix
SHA-256 | b012e3d07e094998633ba0c8a49ccb1df49e21683c68b0cbebe876474934512c