what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

Google Chrome Integer Overflow
Posted Nov 20, 2015
Authored by Google Security Research, markbrand

There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff windowThere's an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff window.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-6763
MD5 | f75118dcf00c75596a76a4999fdddd37

Related Files

Security Use After Free In Flash AVSS.setSubscribedTags Memory Corruption
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Use After Free in Flash AVSS.setSubscribedTags, setCuePointTags and setSubscribedTagsForBackgroundManifest can be abused to write pointers to String to freed locations.

tags | exploit
systems | linux
advisories | CVE-2015-3088
MD5 | 01ebd6a5cfc83e6220448dc7380d4fe3
Security Flash Player Integer Overflow In Function.apply
Posted Aug 21, 2015
Authored by Google Security Research, bilou

An integer overflow while calling Function.apply can lead to enter an ActionScript function without correctly validating the supplied arguments. Chrome version 41.0.2272.101 stable with Flash version 17.0.0.134 is affected.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-3087
MD5 | ae3b92b7b81d5321e364dc9f2475a8b3
Flash Broker-Based Sandbox Escape Via Timing Attack Against File Moving
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3081
MD5 | fcf0457a764c09749ab9c504f282831a
Flash Broker-Based Sandbox Escape Via Unexpected Directory Lock
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3083
MD5 | bbdfa3d3758f087eeeb4baf393150b1e
Flash Broker-Based Sandbox Escape Via Forward Slash Instead Of Backslash
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3082
MD5 | de49c0fd4c2ddc561c79bf78a634ed83
Adobe Reader CoolType Use Of Uninitialized Memory In Transient Array
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The "transient array" specified in the "Type 2 Charstring format" specs but also available in Type1 fonts (originally for the purpose of facilitating Multiple Master fonts) is allocated dynamically only if the CoolType interpreter encounters an instruction which requires the presence of the array, such as "get" or "store". While allocating the array, however, the routine does not automatically clear the contents of the newly created buffer.

tags | advisory
systems | linux
advisories | CVE-2015-3049
MD5 | c5635db0998da538780ccc1b2df3b331
Flash PCRE Regex Compilation Zero-length Assertion Arbitrary Bytecode Execution
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

There is an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-3042
MD5 | 263b173055757ddeee5316dc851ce253
Windows Kernel ATMFD.DLL Off-By-X OOB Reads/Writes Relative To Operand Stack
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The Type1/CFF CharString interpreter code in the Adobe Type Manager Font Driver (ATMFD.DLL) Windows kernel module does not perform nearly any verification that the operand stack is large enough to contain the required instruction operands, which can lead to up to "off-by-three" overreads and overwrites on the interpreter function stack.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-0088
MD5 | fd84729970a1d3710fa3cae955d9bb63
Windows 7 Admin Check Bypass
Posted Aug 21, 2015
Authored by Google Security Research, forshaw

The system call NtPowerInformation performs a check that the caller is an administrator before performing some specific power functions. The check is done in the PopUserIsAdmin function. On Windows 7 this check is bypassable because the SeTokenIsAdmin function doesn't take into account the impersonation level of the token and the rest of the code also doesn't take it into account.

tags | exploit
systems | linux, windows, 7
MD5 | 24d9b5b76d079c599d33e4de0e0a9c90
GSTOOL 4.7 Insecure Encryption
Posted Sep 11, 2013
Authored by Jan Schejbal

GSTOOL versions 3.0 through 4.7 contain an insecure encryption feature using the non-public CHIASMUS block cipher.

tags | advisory
MD5 | e7a74491e2bb61e4163e19c7f9bab188
GNU SASL 1.8.0
Posted May 29, 2012
Authored by Simon Josefsson

GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.

Changes: This is a new major stable release. SAML20 support following RFC 6595. OPENID20 support following RFC 6616. SMTP server examples (e.g. for SCRAM, SAML20, and OPENID20). Various cleanups, portability fixes, and other bugfixes. The API and ABI are fully backwards compatible with version 1.6.x.
tags | imap, library
systems | unix
MD5 | 982fe54a20016aa46a871c084c990c36
GSM SIM Editor 5.15 Buffer Overflow
Posted Apr 18, 2012
Authored by Ruben Alejandro | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When opening a specially crafted .sms file in GSM SIM Editor a stack-based buffer overflow occurs which allows an attacker to execute arbitrary code.

tags | exploit, overflow, arbitrary
MD5 | b607d4a63d0250d0e1f386df5bb3cafb
Trustwave Global Security Report
Posted Feb 18, 2012
Authored by Charles Henderson | Site trustwave.com

These slides are from the Trustwave Global Security Report as presented at the OWASP AppSec USA 2011 conference.

tags | paper
MD5 | 031dbd61e5b28d76d75b184b9a5442a9
Gsonline WebNDesign SQL Injection
Posted Dec 10, 2011
Authored by tempe_mendoan

Gsonline WebNDesign suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | cbbbb8d6cd0ca974cb88190bdbe4cef2
Game Servers Client 2.00 Build 3017 Denial Of Service
Posted Sep 29, 2011
Authored by Michael Gray

Game Servers Client version 2.00 Build 3017 suffers from a denial of service vulnerability.

tags | advisory, denial of service
MD5 | 1c9002bef34833a3228ab05a4050df1c
Game Servers Client 2.00 Build 3017 Bypass
Posted Sep 29, 2011
Authored by Michael Gray

Game Servers Client version 2.00 Build 3017 uses IRC as the backend but failed to validate changes to a nickname.

tags | advisory, bypass
MD5 | fd6a8ff6ff4184618a15fba9e20a6ca3
GSPlayer 1.83a Win32 Buffer Overflow
Posted Nov 5, 2010
Authored by moigai

GSPlayer version 1.83a Win32 release buffer overflow exploit that spawns calc.exe.

tags | exploit, overflow
systems | windows
MD5 | e6030552f918949e4f5e43754d4a77f2
Zero Day Initiative Advisory 10-131
Posted Jul 21, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of XUL <tree> element's "selection" attribute. There is an integer overflow when calculating the bounds of a new selection range. When calling adjustSelection on this manged range both ranges are deleted leaving a dangling reference. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-2753
MD5 | bcfef1392605b867aa6a634138db002d
GSM SIM Utility Direct Local Buffer Overflow
Posted Jul 8, 2010
Authored by chap0

GSM SIM Utility Direct RET local buffer overflow exploit. Affects version 5.15.

tags | exploit, overflow, local
MD5 | 055a6049a48a76b62d4168f558b26e50
GSM SIM Utility 5.15 Buffer Overflow
Posted Jun 29, 2010
Authored by chap0

GSM SIM Utility version 5.15 SMS file local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 03d787485f815c6415e3fad73b30b1ed
McAfee Generic PDF Bypass
Posted Oct 28, 2009
Authored by Thierry Zoller

Improper parsing of the PDF structure by various McAfee products leads to evasion of detection of malicious PDF documents at scantime and runtime.

tags | advisory
MD5 | 213029c776a4c1b61c7fd8b9b03e31fe
F-Secure Generic PDF Bypass
Posted Oct 28, 2009
Authored by Thierry Zoller

Improper parsing of the PDF structure by various F-Secure products leads to evasion of detection of malicious PDF documents at scantime and runtime.

tags | advisory
MD5 | 19c4e9365d69ed3cb224b0a831ef9b88
Symantec Generic PDF Bypass
Posted Oct 28, 2009
Authored by Thierry Zoller

Improper parsing of the PDF structure by various Symantec products leads to evasion of detection of malicious PDF documents at scantime and runtime.

tags | advisory
MD5 | 74b3a6fc05f3a4ad37845d41ce85720c
CA Products Denial Of Service
Posted Oct 14, 2009
Authored by Thierry Zoller

Improper handling of a specially crafted RAR archive file by the CA Anti-Virus engine arclib component leads to heap corruption and allows the attacker to cause a denial of service or possibly further compromise the system.

tags | advisory, denial of service, virus
advisories | CVE-2009-3587, CVE-2009-3588
MD5 | 5411bef68721258d6a98e98a4c01b5e2
Garage Sales Script SQL Injection / XSS
Posted Jul 28, 2009
Authored by Moudi

Garage Sales Script suffers from SQL injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
MD5 | f481b9982c20d670a9e4d4bfacf29330
Page 1 of 4
Back1234Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close