Showing 1 - 5 of 5

Files Date: 2021-04-09 to 2021-04-10

Google Chrome SimplfiedLowering Integer Overflow: Posted Apr 9, 2021; Authored by Rajvardhan Agarwal | Site metasploit.com; This Metasploit module exploits an issue in Google Chrome versions before 87.0.4280.88 (64 bit). The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan. It is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1. This is abused to gain arbitrary read/write into the isolate region. Then an ArrayBuffer can be used to achieve absolute arbitrary read/write. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, the browser must be run with the --no-sandbox option for the payload to work correctly.; tags | exploit, overflow, arbitrary, shellcode; advisories | CVE-2020-16040; SHA-256 | a2c2e0bb6afa9428a1723f49c6bd0ba43ef8b68bb81b7b27053a5cae99795839; Download | Favorite | View

GRAudit Grep Auditing Tool 2.9: Posted Apr 9, 2021; Authored by Wireghoul | Site justanotherhacker.com; Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.; Changes: Fix for GRDIR applied. Improved C fruit rules. Improved js fruit rules. Started python fruit rules. Updated documentation. Various other updates as well.; tags | tool; systems | unix; SHA-256 | 41eb7846be334a34a54cdda4de506dfc8dc6be67eb610b7d6bb9b8cae80e277d; Download | Favorite | View

Red Hat Security Advisory 2021-1079-01: Posted Apr 9, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-1079-01 - Red Hat Ansible Automation Platform Resource Operator container images with security fixes. Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Data exposure issues have been addressed.; tags | advisory; systems | linux, redhat; advisories | CVE-2017-12652, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-14973, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-17546, CVE-2019-19956, CVE-2019-20388, CVE-2019-20907, CVE-2019-5094, CVE-2019-5188, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-14422, CVE-2020-15999, CVE-2020-1971, CVE-2020-5313; SHA-256 | a0673c02c767215a0535af311644e98d31b6956c4e2cc33033d2203fa50abe65; Download | Favorite | View

Red Hat Security Advisory 2021-1145-01: Posted Apr 9, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-1145-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.; tags | advisory, kernel, cryptography, python; systems | linux, redhat; advisories | CVE-2021-20305; SHA-256 | c64e53f209824c0541aa87a7b3d247fd85ddd3bfb744137d79b41874b72f64e3; Download | Favorite | View

PrestaShop 1.7.6.7 SQL Injection: Posted Apr 9, 2021; Authored by Vanshal Gaur; PrestaShop version 1.7.6.7 suffers from a remote blind SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2020-15160; SHA-256 | f1c3f300a9f1e959348646e78eff348a28676f39c5e27cf9281061035064023b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days