what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2021-02-05

Apple CoreText libType1Scaler.dylib Out-Of-Bounds Write / Integer Overflow
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libType1Scaler.dylib suffers from a heap out-of-bounds-write due to an integer overflow vulnerability in STOREWV othersubr.

tags | exploit, overflow
systems | apple
advisories | CVE-2020-27944
SHA-256 | 5bc7d9095b5e3a443161d656caf0d98e618030349e3b02521fce505ffb28bfe4
Apple CoreText libFontParser.dylib Stack Corruption
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libFontParser.dylib suffers from a stack corruption vulnerability in the handling of /BlendDesignPositions Type 1 objects.

tags | exploit
systems | apple
advisories | CVE-2020-0938, CVE-2020-29624
SHA-256 | 20846ff276b0918588c20eba4f03a51e239d0c24a7bc30e422ba7d6a2a943720
Apple CoreText libType1Scaler.dylib Buffer Overflow
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libType1Scaler.dylib suffers from a heap buffer overflow vulnerability in the Counter Control Hints.

tags | exploit, overflow
systems | apple
advisories | CVE-2020-27943
SHA-256 | e9d0553c3318c8cfd5e3a7cef08c6780c862cd2e9728e3e931ac58bc5d0dd690
Apple CoreText libType1Scaler.dylib Memory Disclosure
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libType1Scaler.dylib suffers from a memory disclosure vulnerability via an uninitialized transient array.

tags | exploit
systems | apple
advisories | CVE-2020-27946
SHA-256 | f0083ddd4710cae64924c74a0167cfc38f0711da70bd85eac021e889e40d7814
XNU Kernel Mach Message Trailers Memory Disclosure
Posted Feb 5, 2021
Authored by Google Security Research, Ian Beer

The XNU kernel suffers from a memory disclosure vulnerability in mach message trailers.

tags | exploit, kernel
advisories | CVE-2020-27950
SHA-256 | 642f39fd92a5ac4ffb770427ffb354a2a9fadfb25d5b0622ea37837653fb0f84
XNU Kernel Turnstiles Type Confusion
Posted Feb 5, 2021
Authored by Google Security Research, Ian Beer

The XNU kernel suffers from a type confusion vulnerability in turnstiles.

tags | exploit, kernel
advisories | CVE-2020-27932
SHA-256 | d3d2bb641fe186858d248f07b853338f4be5d90e81441c7f7abebd7540ae579c
Apple Safari Remote Code Execution
Posted Feb 5, 2021
Authored by Google Security Research, mjurczyk

Apple Safari is susceptible to a remote code execution vulnerability via an undefined othersubr in Type 1 fonts handled by libType1Scaler.dylib on macOS and iOS.

tags | exploit, remote, code execution
systems | apple, ios
advisories | CVE-2020-27930
SHA-256 | ee0df6f67552aebe8e8c91b5e13e7a4dc6342b9e701c512f4847cf4f5b91f7cc
Sudo 1.8.31p2 / 1.9.5p1 Buffer Overflow
Posted Feb 5, 2021
Authored by Blasty, Spencer McIntyre, Qualys Security Advisory, bwatters-r7, Alexander Krog | Site metasploit.com

A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.

tags | exploit, overflow, local
advisories | CVE-2021-3156
SHA-256 | cdf458fa2ff6a679afd1037bdb879758b301305b20f223b3aade629bb97b04bc
SEO Panel 4.6.0 Remote Code Execution
Posted Feb 5, 2021
Authored by Kr0ff

SEO Panel version 4.6.0 remote code execution exploit. Original discovery of code execution in this version is attributed to Daniel Monzon and Kiko Andreu in October of 2020.

tags | exploit, remote, code execution
SHA-256 | 32235f5af245cae264b5c3a9f586e7317257d23a3407ae0e6b1e9f54d275b9ac
PhreeBooks 5.2.3 Remote Code Execution
Posted Feb 5, 2021
Authored by Kr0ff

PhreeBooks ERP version 5.2.3 remote code execution exploit. Original discovery of this vulnerability is attributed to Abdullah Celebi in April of 2019.

tags | exploit, remote, code execution
SHA-256 | 6318dca6517f810ccc72e6eda9d9b9465e83b02cd6a7e31fc0c1c37fe3f83e58
LiteSpeed Web Server Enterprise 5.4.11 Command Injection
Posted Feb 5, 2021
Authored by SunCSR, cmOs

LiteSpeed Web Server Enterprise version 5.4.11 suffers from an authenticated remote command injection vulnerability.

tags | exploit, remote, web
SHA-256 | 3ba47cb0d0b0247ab02f85b865390f467999b58710524e0b2140b93cf1e7dd71
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close