exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

FaceTime RTP Video Processing Heap Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if a user accepts a call from a malicious caller. This issue only affects FaceTime on iOS, it does not crash on a Mac.

tags | exploit, kernel
systems | ios
advisories | CVE-2018-4384
MD5 | e1efd0319dcc1218c75d95f35d08574b

Related Files

WeChat CAudioJBM::InputAudioFrameToJBM Memory Corruption
Posted Jan 10, 2020
Authored by Google Security Research, natashenka

There is a memory corruption vulnerability in audio processing during a voice call in WeChat. When an RTP packet is processed, there is a call to UnpacketRTP. This function decrements the length of the packet by 12 without checking that the packet has at least 12 bytes in it. This leads to a negative packet length. Then, CAudioJBM::InputAudioFrameToJBM will check that the packet size is smaller than the size of a buffer before calling memcpy, but this check (n < 300) does not consider that the packet length could be negative due to the previous error. This leads to an out-of-bounds copy.

tags | exploit
MD5 | d5e852c27b43a4bc7e13605282d84e25
Microsoft Internet Explorer CStyleSheetArray::BuildListOfMatchedRules Memory Corruption
Posted Apr 27, 2017
Authored by Ivan Fratric, Google Security Research

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability was confirmed on version 11.576.14393.0 (update version 11.0.38) running on Windows 10 64-bit with page heap enabled for iexplore.exe process.

tags | exploit
systems | windows
advisories | CVE-2017-0202
MD5 | c84b10c1134ad272ca9b6c3a6c0ca2ff
Flash AS2 Use After Free In TextField.filters (Again)
Posted Aug 21, 2015
Authored by Google Security Research, external

There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.

tags | exploit
systems | linux
MD5 | 9fb670df70c922fa55d22729da42c558
Flash DefineBitsLossless / DefineBitsLossless2 Uninitialized Memory
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Issues in DefineBitsLossless and DefineBitsLossless2 leads to using uninitialized memory while rendering a picture. This is caused by the returned value of a zlib function not properly checked.

tags | exploit
systems | linux
advisories | CVE-2015-3093
MD5 | adb57940b26b85b045d7060227d0e3a7
Flash Uninitialized Stack Variable While Parsing An MPD File Memory Corruption
Posted Aug 21, 2015
Authored by Google Security Research, external

Loading a weird MPD file can corrupt flash player's memory.

tags | exploit
systems | linux
advisories | CVE-2015-3089
MD5 | d9a2e027d6f29cde2f6334afc2330080
Security Use After Free In Flash AVSS.setSubscribedTags Memory Corruption
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Use After Free in Flash AVSS.setSubscribedTags, setCuePointTags and setSubscribedTagsForBackgroundManifest can be abused to write pointers to String to freed locations.

tags | exploit
systems | linux
advisories | CVE-2015-3088
MD5 | 01ebd6a5cfc83e6220448dc7380d4fe3
Security Flash Player Integer Overflow In Function.apply
Posted Aug 21, 2015
Authored by Google Security Research, bilou

An integer overflow while calling Function.apply can lead to enter an ActionScript function without correctly validating the supplied arguments. Chrome version 41.0.2272.101 stable with Flash version 17.0.0.134 is affected.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-3087
MD5 | ae3b92b7b81d5321e364dc9f2475a8b3
Flash Broker-Based Sandbox Escape Via Timing Attack Against File Moving
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3081
MD5 | fcf0457a764c09749ab9c504f282831a
Flash Broker-Based Sandbox Escape Via Unexpected Directory Lock
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3083
MD5 | bbdfa3d3758f087eeeb4baf393150b1e
Flash Broker-Based Sandbox Escape Via Forward Slash Instead Of Backslash
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3082
MD5 | de49c0fd4c2ddc561c79bf78a634ed83
Adobe Reader CoolType Use Of Uninitialized Memory In Transient Array
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The "transient array" specified in the "Type 2 Charstring format" specs but also available in Type1 fonts (originally for the purpose of facilitating Multiple Master fonts) is allocated dynamically only if the CoolType interpreter encounters an instruction which requires the presence of the array, such as "get" or "store". While allocating the array, however, the routine does not automatically clear the contents of the newly created buffer.

tags | advisory
systems | linux
advisories | CVE-2015-3049
MD5 | c5635db0998da538780ccc1b2df3b331
Flash PCRE Regex Compilation Zero-length Assertion Arbitrary Bytecode Execution
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

There is an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-3042
MD5 | 263b173055757ddeee5316dc851ce253
Windows Kernel ATMFD.DLL Off-By-X OOB Reads/Writes Relative To Operand Stack
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The Type1/CFF CharString interpreter code in the Adobe Type Manager Font Driver (ATMFD.DLL) Windows kernel module does not perform nearly any verification that the operand stack is large enough to contain the required instruction operands, which can lead to up to "off-by-three" overreads and overwrites on the interpreter function stack.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-0088
MD5 | fd84729970a1d3710fa3cae955d9bb63
Windows 7 Admin Check Bypass
Posted Aug 21, 2015
Authored by Google Security Research, forshaw

The system call NtPowerInformation performs a check that the caller is an administrator before performing some specific power functions. The check is done in the PopUserIsAdmin function. On Windows 7 this check is bypassable because the SeTokenIsAdmin function doesn't take into account the impersonation level of the token and the rest of the code also doesn't take it into account.

tags | exploit
systems | linux, windows, 7
MD5 | 24d9b5b76d079c599d33e4de0e0a9c90
Flash AS2 Use After Free While Setting TextField.filters
Posted Aug 20, 2015
Authored by Google Security Research, external

A use-after-free bug exists while setting the TextFilter.filters array.

tags | exploit
systems | linux
advisories | CVE-2015-3118
MD5 | fb333b118060a738b5d2c8937a05a1d9
GSTOOL 4.7 Insecure Encryption
Posted Sep 11, 2013
Authored by Jan Schejbal

GSTOOL versions 3.0 through 4.7 contain an insecure encryption feature using the non-public CHIASMUS block cipher.

tags | advisory
MD5 | e7a74491e2bb61e4163e19c7f9bab188
GNU SASL 1.8.0
Posted May 29, 2012
Authored by Simon Josefsson

GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.

Changes: This is a new major stable release. SAML20 support following RFC 6595. OPENID20 support following RFC 6616. SMTP server examples (e.g. for SCRAM, SAML20, and OPENID20). Various cleanups, portability fixes, and other bugfixes. The API and ABI are fully backwards compatible with version 1.6.x.
tags | imap, library
systems | unix
MD5 | 982fe54a20016aa46a871c084c990c36
GSM SIM Editor 5.15 Buffer Overflow
Posted Apr 18, 2012
Authored by Ruben Alejandro | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When opening a specially crafted .sms file in GSM SIM Editor a stack-based buffer overflow occurs which allows an attacker to execute arbitrary code.

tags | exploit, overflow, arbitrary
MD5 | b607d4a63d0250d0e1f386df5bb3cafb
Trustwave Global Security Report
Posted Feb 18, 2012
Authored by Charles Henderson | Site trustwave.com

These slides are from the Trustwave Global Security Report as presented at the OWASP AppSec USA 2011 conference.

tags | paper
MD5 | 031dbd61e5b28d76d75b184b9a5442a9
Gsonline WebNDesign SQL Injection
Posted Dec 10, 2011
Authored by tempe_mendoan

Gsonline WebNDesign suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | cbbbb8d6cd0ca974cb88190bdbe4cef2
Game Servers Client 2.00 Build 3017 Denial Of Service
Posted Sep 29, 2011
Authored by Michael Gray

Game Servers Client version 2.00 Build 3017 suffers from a denial of service vulnerability.

tags | advisory, denial of service
MD5 | 1c9002bef34833a3228ab05a4050df1c
Game Servers Client 2.00 Build 3017 Bypass
Posted Sep 29, 2011
Authored by Michael Gray

Game Servers Client version 2.00 Build 3017 uses IRC as the backend but failed to validate changes to a nickname.

tags | advisory, bypass
MD5 | fd6a8ff6ff4184618a15fba9e20a6ca3
GSPlayer 1.83a Win32 Buffer Overflow
Posted Nov 5, 2010
Authored by moigai

GSPlayer version 1.83a Win32 release buffer overflow exploit that spawns calc.exe.

tags | exploit, overflow
systems | windows
MD5 | e6030552f918949e4f5e43754d4a77f2
GSM SIM Utility Direct Local Buffer Overflow
Posted Jul 8, 2010
Authored by chap0

GSM SIM Utility Direct RET local buffer overflow exploit. Affects version 5.15.

tags | exploit, overflow, local
MD5 | 055a6049a48a76b62d4168f558b26e50
GSM SIM Utility 5.15 Buffer Overflow
Posted Jun 29, 2010
Authored by chap0

GSM SIM Utility version 5.15 SMS file local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 03d787485f815c6415e3fad73b30b1ed
Page 1 of 4
Back1234Next

File Archive:

January 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    8 Files
  • 2
    Jan 2nd
    11 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    2 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    18 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    10 Files
  • 10
    Jan 10th
    13 Files
  • 11
    Jan 11th
    2 Files
  • 12
    Jan 12th
    4 Files
  • 13
    Jan 13th
    21 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    12 Files
  • 16
    Jan 16th
    18 Files
  • 17
    Jan 17th
    11 Files
  • 18
    Jan 18th
    3 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    21 Files
  • 22
    Jan 22nd
    19 Files
  • 23
    Jan 23rd
    19 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close