Showing 51 - 57 of 57

Files Date: 2016-01-27 to 2016-01-28

OSMetaClassBase:safeMetaCast Return Value Check Fail: Posted Jan 27, 2016; Authored by Google Security Research, Ian Beer; IOUserClient::connectClient is an obscure IOKit method which according to the docs is supposed to "Inform a connection of a second connection." In fact IOKit provides no default implementation and only a handful of userclients actually implement it, and it's pretty much up to them to define the semantics of what "informing the connection of a second connection" actually means. One of the userclients which implements connectClient is IOAccelContext2 which is the parent of the IGAccelContext userclient family (which are the intel GPU accelerator userclients.) IOUserClient::connectClient is exposed to userspace as IOConnectAddClient.; tags | exploit; systems | linux; advisories | CVE-2015-6996; SHA-256 | e6b28ef3cbbacff31eb961ab63d921cbf6e4a18a44fb51c2925eaa646004d804; Download | Favorite | View

iOS Kernel AppleOscarGyro Use-After-Free: Posted Jan 27, 2016; Authored by Google Security Research, Ian Beer; The iOS kernel suffers from a use-after-free vulnerability in AppleOscarGyro.; tags | exploit, kernel; systems | cisco, linux, ios; advisories | CVE-2016-1719; SHA-256 | 4e06593eee3ee14b6e919071b2131a9da0f8320a680e792d7ad5ff9d7dbc3557; Download | Favorite | View

Barracuda Networks Message Archiver 650 XSS: Posted Jan 27, 2016; Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com; Barracuda Networks Message Archiver 650 suffers from client-side cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 1c0b73f24b7667d9fb0327e285dc28d2284d74620d2883f0ce6c017bf7538e6a; Download | Favorite | View

Atlassian Jira 6.1.4 Cross Site Scripting: Posted Jan 27, 2016; Authored by Razvan Cernaianu; Atlassian Jira versions 6.1.4 and below suffer from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 69982c2e62642ecdd6d36596ed6e34438ea61178dc78a728f96a3b398a394b62; Download | Favorite | View

Wireshark Dissect_nhdr_extopt Buffer Overflow: Posted Jan 27, 2016; Authored by Google Security Research, mjurczyk; Wireshark suffers from a stack-based buffer overflow in Dissect_nhdr_extopt.; tags | exploit, overflow; systems | linux; SHA-256 | e5bb93c3d0ae53a0370f67f79a20eec4d3bc179a65634b7d8197cdbc08479166; Download | Favorite | View

Android sensord Local Root: Posted Jan 27, 2016; Authored by s0m3b0dy; Android sensord local root exploit.; tags | exploit, local, root; SHA-256 | 81fc11ebb3e31b76d066ddd79bc476422e02bd43e5bb43e9ef99238f55eb448e; Download | Favorite | View

IOHDIXControllerUserClient:convertClientBuffer Integer Overflow: Posted Jan 27, 2016; Authored by Google Security Research, Ian Beer; Method 5 of the IOHDIXController user client is createDrive64. This takes a 0x10 0 byte structure input from which it reads a userspace pointer and a size which it passes to IOHDIXController::convertClientBuffer. This wraps the memory pointed to by the userspace pointer in an IOMemoryDescriptor then takes the user-provided size, casts it to a 32-bit type and adds one. It passes that value to IOMalloc. By passing a size of 0xffffffff we can cause an integer overflow and IOMalloc will be passed a size of 0. IOMalloc falls through to kalloc which will quite happily make a 0-sized allocation for us and return a valid, writable kernel heap pointer.; tags | exploit, overflow, kernel; systems | linux; advisories | CVE-2015-6995; SHA-256 | 7c1b4d44f576a45333e8a5f38a438bc7780560237ca558e684660c3e2a87a9cb; Download | Favorite | View

Page 3 of 3 Back 1 2 3 Next

Top Authors In Last 30 Days