what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

Chromium mojo::WrapSharedMemoryHandle Insufficient Call
Posted Mar 12, 2018
Authored by Google Security Research, laginimaineb

Chromium suffers from an issue where calling mojo::WrapSharedMemoryHandle is insufficient to produce read-only descriptors for IPC.

tags | exploit
advisories | CVE-2018-6063
MD5 | 473c674fc42d6772752e1711e882dd1f

Related Files

Chromium memory_instrumentation::mojom::Coordinator Information Disclosure
Posted Mar 12, 2018
Authored by Google Security Research, laginimaineb

Chromium suffers from an information disclosure vulnerability via the memory_instrumentation::mojom::Coordinator interface in the resource_coordinator service.

tags | exploit, info disclosure
advisories | CVE-2018-6080
MD5 | aecbddca95d8cb30c1fb09dfe42056f3
Chromium Android Writable SharedMemory Descriptors
Posted Mar 12, 2018
Authored by Google Security Research, laginimaineb

Chromium suffers from an issues where read-only SharedMemory descriptors on Android are writable.

tags | exploit
advisories | CVE-2018-6057
MD5 | 08491d011bf32134fe1395fcf9073825
Chromium filesystem::mojom::Directory Sandbox Escape
Posted Jan 31, 2018
Authored by Google Security Research, laginimaineb

Chromium suffers from a sandbox escape vulnerability via an exposed filesystem::mojom::Directory mojo interface in the catalog service.

tags | exploit
advisories | CVE-2018-6055
MD5 | 29596ace8468f827cee80ea00a7fe425
Flash AS2 Use After Free In TextField.filters (Again)
Posted Aug 21, 2015
Authored by Google Security Research, external

There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.

tags | exploit
systems | linux
MD5 | 9fb670df70c922fa55d22729da42c558
Flash DefineBitsLossless / DefineBitsLossless2 Uninitialized Memory
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Issues in DefineBitsLossless and DefineBitsLossless2 leads to using uninitialized memory while rendering a picture. This is caused by the returned value of a zlib function not properly checked.

tags | exploit
systems | linux
advisories | CVE-2015-3093
MD5 | adb57940b26b85b045d7060227d0e3a7
Flash Uninitialized Stack Variable While Parsing An MPD File Memory Corruption
Posted Aug 21, 2015
Authored by Google Security Research, external

Loading a weird MPD file can corrupt flash player's memory.

tags | exploit
systems | linux
advisories | CVE-2015-3089
MD5 | d9a2e027d6f29cde2f6334afc2330080
Security Use After Free In Flash AVSS.setSubscribedTags Memory Corruption
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Use After Free in Flash AVSS.setSubscribedTags, setCuePointTags and setSubscribedTagsForBackgroundManifest can be abused to write pointers to String to freed locations.

tags | exploit
systems | linux
advisories | CVE-2015-3088
MD5 | 01ebd6a5cfc83e6220448dc7380d4fe3
Security Flash Player Integer Overflow In Function.apply
Posted Aug 21, 2015
Authored by Google Security Research, bilou

An integer overflow while calling Function.apply can lead to enter an ActionScript function without correctly validating the supplied arguments. Chrome version 41.0.2272.101 stable with Flash version 17.0.0.134 is affected.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-3087
MD5 | ae3b92b7b81d5321e364dc9f2475a8b3
Flash Broker-Based Sandbox Escape Via Timing Attack Against File Moving
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3081
MD5 | fcf0457a764c09749ab9c504f282831a
Flash Broker-Based Sandbox Escape Via Unexpected Directory Lock
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3083
MD5 | bbdfa3d3758f087eeeb4baf393150b1e
Flash Broker-Based Sandbox Escape Via Forward Slash Instead Of Backslash
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3082
MD5 | de49c0fd4c2ddc561c79bf78a634ed83
Adobe Reader CoolType Use Of Uninitialized Memory In Transient Array
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The "transient array" specified in the "Type 2 Charstring format" specs but also available in Type1 fonts (originally for the purpose of facilitating Multiple Master fonts) is allocated dynamically only if the CoolType interpreter encounters an instruction which requires the presence of the array, such as "get" or "store". While allocating the array, however, the routine does not automatically clear the contents of the newly created buffer.

tags | advisory
systems | linux
advisories | CVE-2015-3049
MD5 | c5635db0998da538780ccc1b2df3b331
Flash PCRE Regex Compilation Zero-length Assertion Arbitrary Bytecode Execution
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

There is an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-3042
MD5 | 263b173055757ddeee5316dc851ce253
Windows Kernel ATMFD.DLL Off-By-X OOB Reads/Writes Relative To Operand Stack
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The Type1/CFF CharString interpreter code in the Adobe Type Manager Font Driver (ATMFD.DLL) Windows kernel module does not perform nearly any verification that the operand stack is large enough to contain the required instruction operands, which can lead to up to "off-by-three" overreads and overwrites on the interpreter function stack.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-0088
MD5 | fd84729970a1d3710fa3cae955d9bb63
Windows 7 Admin Check Bypass
Posted Aug 21, 2015
Authored by Google Security Research, forshaw

The system call NtPowerInformation performs a check that the caller is an administrator before performing some specific power functions. The check is done in the PopUserIsAdmin function. On Windows 7 this check is bypassable because the SeTokenIsAdmin function doesn't take into account the impersonation level of the token and the rest of the code also doesn't take it into account.

tags | exploit
systems | linux, windows, 7
MD5 | 24d9b5b76d079c599d33e4de0e0a9c90
Flash AS2 Use After Free While Setting TextField.filters
Posted Aug 20, 2015
Authored by Google Security Research, external

A use-after-free bug exists while setting the TextFilter.filters array.

tags | exploit
systems | linux
advisories | CVE-2015-3118
MD5 | fb333b118060a738b5d2c8937a05a1d9
GSTOOL 4.7 Insecure Encryption
Posted Sep 11, 2013
Authored by Jan Schejbal

GSTOOL versions 3.0 through 4.7 contain an insecure encryption feature using the non-public CHIASMUS block cipher.

tags | advisory
MD5 | e7a74491e2bb61e4163e19c7f9bab188
GNU SASL 1.8.0
Posted May 29, 2012
Authored by Simon Josefsson

GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.

Changes: This is a new major stable release. SAML20 support following RFC 6595. OPENID20 support following RFC 6616. SMTP server examples (e.g. for SCRAM, SAML20, and OPENID20). Various cleanups, portability fixes, and other bugfixes. The API and ABI are fully backwards compatible with version 1.6.x.
tags | imap, library
systems | unix
MD5 | 982fe54a20016aa46a871c084c990c36
GSM SIM Editor 5.15 Buffer Overflow
Posted Apr 18, 2012
Authored by Ruben Alejandro | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When opening a specially crafted .sms file in GSM SIM Editor a stack-based buffer overflow occurs which allows an attacker to execute arbitrary code.

tags | exploit, overflow, arbitrary
MD5 | b607d4a63d0250d0e1f386df5bb3cafb
Trustwave Global Security Report
Posted Feb 18, 2012
Authored by Charles Henderson | Site trustwave.com

These slides are from the Trustwave Global Security Report as presented at the OWASP AppSec USA 2011 conference.

tags | paper
MD5 | 031dbd61e5b28d76d75b184b9a5442a9
Gsonline WebNDesign SQL Injection
Posted Dec 10, 2011
Authored by tempe_mendoan

Gsonline WebNDesign suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | cbbbb8d6cd0ca974cb88190bdbe4cef2
Game Servers Client 2.00 Build 3017 Denial Of Service
Posted Sep 29, 2011
Authored by Michael Gray

Game Servers Client version 2.00 Build 3017 suffers from a denial of service vulnerability.

tags | advisory, denial of service
MD5 | 1c9002bef34833a3228ab05a4050df1c
Game Servers Client 2.00 Build 3017 Bypass
Posted Sep 29, 2011
Authored by Michael Gray

Game Servers Client version 2.00 Build 3017 uses IRC as the backend but failed to validate changes to a nickname.

tags | advisory, bypass
MD5 | fd6a8ff6ff4184618a15fba9e20a6ca3
GSPlayer 1.83a Win32 Buffer Overflow
Posted Nov 5, 2010
Authored by moigai

GSPlayer version 1.83a Win32 release buffer overflow exploit that spawns calc.exe.

tags | exploit, overflow
systems | windows
MD5 | e6030552f918949e4f5e43754d4a77f2
GSM SIM Utility Direct Local Buffer Overflow
Posted Jul 8, 2010
Authored by chap0

GSM SIM Utility Direct RET local buffer overflow exploit. Affects version 5.15.

tags | exploit, overflow, local
MD5 | 055a6049a48a76b62d4168f558b26e50
Page 1 of 4
Back1234Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close