Showing 76 - 100 of 100

Files

WebKit Element::dispatchMouseEvent Heap Use-After-Free
Posted Aug 19, 2021
Authored by Google Security Research, Glazvunov

WebKit suffers from a heap use-after-free vulnerability in Element::dispatchMouseEvent.

tags | exploit
advisories | CVE-2021-30799
SHA-256 | 32ce340e9e7aafa598cb7a3f4f8b409cd814f55d9df9e771b2d4767d0216dbcb

Related Files

WebKit TypedArray.copyWithin Memory Corruption
Posted Jul 29, 2016
Authored by Google Security Research, natashenka

WebKit suffers from a memory corruption vulnerability in TypedArray.copyWithin.

tags | exploit
SHA-256 | a1a879392edefe9000a32a0b132faa9914f660c3f5583d951b4ba36dc59d1a5b
WebKit TypedArray.fill Memory Corruption
Posted Jul 29, 2016
Authored by Google Security Research, natashenka

WebKit suffers from a memory corruption vulnerability in TypedArray.fill.

tags | exploit
SHA-256 | dd867b4d358aaa6e14a0d03112c063c2e4ef03e466614c2eb27dcbda6488c1ef
Flash AS2 Use After Free In TextField.filters (Again)
Posted Aug 21, 2015
Authored by Google Security Research, external

There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.

tags | exploit
systems | linux
SHA-256 | c8c4ddb8248e3234cb7f686b990e44c2c471253c71a58e09d477456af6b8c3b9
Flash DefineBitsLossless / DefineBitsLossless2 Uninitialized Memory
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Issues in DefineBitsLossless and DefineBitsLossless2 lead to the use of uninitialized memory while rendering a picture. This is caused by the return value of a zlib function not being properly checked.

tags | exploit
systems | linux
advisories | CVE-2015-3093
SHA-256 | 396c2a8d45a861b578261ac35463e414a0c7141b924077f21e2a31daf61bcf90
Flash Uninitialized Stack Variable While Parsing An MPD File Memory Corruption
Posted Aug 21, 2015
Authored by Google Security Research, external

Loading a weird MPD file can corrupt Flash Player's memory.

tags | exploit
systems | linux
advisories | CVE-2015-3089
SHA-256 | 838fb72db8a1b4cff405ee11b823ee6860c72fe5b2122b2eea654ffdf46183a5
Security Use After Free In Flash AVSS.setSubscribedTags Memory Corruption
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Use After Free in Flash AVSS.setSubscribedTags, setCuePointTags and setSubscribedTagsForBackgroundManifest can be abused to write pointers to String to freed locations.

tags | exploit
systems | linux
advisories | CVE-2015-3088
SHA-256 | 4fd920218793a46ab9cce3ab98f7a35862ab1c6417a8854638fed40036695f51
Security Flash Player Integer Overflow In Function.apply
Posted Aug 21, 2015
Authored by Google Security Research, bilou

An integer overflow while calling Function.apply can lead to entering an ActionScript function without correctly validating the supplied arguments. Chrome version 41.0.2272.101 stable with Flash version 17.0.0.134 is affected.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-3087
SHA-256 | 851dccc1f099ae9b266f4f0571a50d127e908035fc85ecbce224da0685db6067
Flash Broker-Based Sandbox Escape Via Timing Attack Against File Moving
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3081
SHA-256 | 989036efd58bbccc9c007b2a7121bd6ba170455cc7d74bc71d5f4bbe336962f7
Flash Broker-Based Sandbox Escape Via Unexpected Directory Lock
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3083
SHA-256 | ff44243af4b26853124e63a9869c6b81f401bc2ad222680958329a437559b8ef
Flash Broker-Based Sandbox Escape Via Forward Slash Instead Of Backslash
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3082
SHA-256 | 32f8d2576cdd393f19c2a9cdbb6d3476d8fda0611004641c02e347365ebea2ae
Adobe Reader CoolType Use Of Uninitialized Memory In Transient Array
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The "transient array" specified in the "Type 2 Charstring format" specs but also available in Type1 fonts (originally for the purpose of facilitating Multiple Master fonts) is allocated dynamically only if the CoolType interpreter encounters an instruction which requires the presence of the array, such as "get" or "store". While allocating the array, however, the routine does not automatically clear the contents of the newly created buffer.

tags | advisory
systems | linux
advisories | CVE-2015-3049
SHA-256 | 6ace69fba4e02dc5c9eedf369a1611909bcd055bd1c38c7a835323a1176ce061
Flash PCRE Regex Compilation Zero-length Assertion Arbitrary Bytecode Execution
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

There is an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-3042
SHA-256 | f100f0c5cc96a2a407b46491520f1bce43ba7ca526f4e6c69f5887bf768c2eca
Windows Kernel ATMFD.DLL Off-By-X OOB Reads/Writes Relative To Operand Stack
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The Type1/CFF CharString interpreter code in the Adobe Type Manager Font Driver (ATMFD.DLL) Windows kernel module performs almost no verification that the operand stack is large enough to contain the required instruction operands, which can lead to up to "off-by-three" overreads and overwrites on the interpreter function stack.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-0088
SHA-256 | 51ba13f671a701f0476a89dfbec32f4088b01330862ec09c0a793c9e3d8643a0
Windows 7 Admin Check Bypass
Posted Aug 21, 2015
Authored by Google Security Research, forshaw

The system call NtPowerInformation performs a check that the caller is an administrator before performing some specific power functions. The check is done in the PopUserIsAdmin function. On Windows 7 this check is bypassable because the SeTokenIsAdmin function doesn't take into account the impersonation level of the token and the rest of the code also doesn't take it into account.

tags | exploit
systems | linux, windows
SHA-256 | 8e80a5edbfcfa8ce64460f4e9edf0e6164d6af2253e064cbdbd72a18a7cc6f4a
Flash UAF With MovieClip.scrollRect In AS2
Posted Aug 20, 2015
Authored by Google Security Research, bilou

When setting the scrollRect attribute of a MovieClip in AS2 with a custom Rectangle it is possible to free the MovieClip while a reference remains in the stack.

tags | exploit
systems | linux
advisories | CVE-2015-5130
SHA-256 | 784ff7b73b5ba4aba1ac24bbe51f62d68e8c1405d60181192fb3613898562723
Flash AS2 Use After Free In DisplacementMapFilter.mapBitmap
Posted Aug 20, 2015
Authored by Google Security Research, bilou

There is a use after free in Flash caused by improper handling of BitmapData objects in the DisplacementMapFilter.mapBitmap property.

tags | exploit
systems | linux
advisories | CVE-2015-3080
SHA-256 | 2e1c6f0cbff4d283e27bc67ff2c3d6a2f97825e1fb4b4c03692fb92493f675d7
Adobe Flash Use-After-Free When Setting Variable
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

In certain cases where a native AS2 class sets an internal variable, it can lead to a use-after-free if the variable is a SharedObject. While this example shows setting NetConnection.contentType, this applies to several other variables including many properties of the Sound and NetStream classes.

tags | exploit
systems | linux
advisories | CVE-2015-5134
SHA-256 | 988359360be0f5f9adf193f6cd3a04d83c07dd40e147fd6dcd237b7482c3bf8c
Flash Boundless Tunes Universal SOP Bypass Through ActionScript's Sound Object
Posted Aug 20, 2015
Authored by Google Security Research, ojakigamon

An instance of ActionScript's Sound class allows loading any kind of external data, not only sound files, and extracting it for further processing. The same-origin policy doesn't apply here. Each input byte of raw data, previously loaded from a given URL, is encoded by an unspecified function to the same 8 successive sample blocks of output. A sample block consists of 8 bytes (the first 4 bytes for the left channel and the next 4 bytes for the right channel). Only 2 bytes from 8 sound blocks (64 bytes) are crucial; the remaining 52 bytes are useless. Each input byte in the range 0-255 has a corresponding constant unsigned integer value (a result of encoding), so for decoding purposes you can simply use a lookup table (cf. source code from BoundlessTunes.as).

tags | exploit
systems | linux
advisories | CVE-2015-5116
SHA-256 | fc4873a13244f4cbc031eca310103bf8bf2dd9f88a4c98659fde47aa2310d88d
NetConnection.connect Use-After-Free
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

If the fpadInfo property of a NetConnection object is a SharedObject, a use-after-free occurs when the property is deleted.

tags | exploit
systems | linux
advisories | CVE-2015-3107
SHA-256 | b56d353e5eaa5e4528ff1ffb7dc841c80fd0d96e3e3d63729b195cd39ca14474
Flash Use-After-Free In Display List Handling Round 2
Posted Aug 20, 2015
Authored by Google Security Research, external

Three use-after-free proof of concept exploits for Flash.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2015-3124
SHA-256 | 2e4eefce9ede8e949e02bc78fdf89f165e66883de32412b8f8591292e5d9a762
Flash AS2 Use After Free While Setting TextField.filters
Posted Aug 20, 2015
Authored by Google Security Research, external

A use-after-free bug exists while setting the TextFilter.filters array.

tags | exploit
systems | linux
advisories | CVE-2015-3118
SHA-256 | 31a6c05930a52b35dcd3d8092a6d0a8288bfbf9225bc353369358d98b9ab95b8
Apple Safari WebKit HTML Button Use-After-Free
Posted Jun 9, 2010
Authored by Matthieu Bonetti | Site vupen.com

Apple Safari WebKit suffers from an HTML button use-after-free vulnerability.

tags | advisory
systems | apple
advisories | CVE-2010-1392
SHA-256 | f36dcd883ac6b8ae5841337712b2ab864df2d80bbd1ba2cf60dff0d5f9bd52b2
GS1.0.0.40OfficialRelease.rar
Posted Feb 23, 2008
Authored by cDc | Site goolag.org

Goolag Scanner version 1.0. This tool has been released by the Cult of the Dead Cow to automate Google hacking using 1,500 predefined search queries.

tags | tool, scanner
systems | unix
SHA-256 | 052f30701a3f98d4097362ef486c4e09cecdf65778832bd34781b2d744896d38
GS07-02.txt
Posted Oct 25, 2007
Authored by Fatih Ozavci, Caglar Cakici | Site gamasec.net

The RSA KEON Registration Authority Web Interface suffers from multiple cross site scripting vulnerabilities. Version 1.0 is susceptible.

tags | advisory, web, vulnerability, xss
SHA-256 | 26c310be669771da1384f9cf1a2df0bcb062948b01a68a3476d898341ac35511
GS07-01.txt
Posted May 17, 2007
Authored by Fatih Ozavci, Caglar Cakici | Site gamasec.net

Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious content to bypass HTTP content scanning systems. Systems affected include Checkpoint Web Intelligence and IBM ISS Proventia Series systems.

tags | advisory, web
SHA-256 | ed7d99c4b0c8cf924026804e5a72dd264e34e794211f2f18d66d3c41fdd46077
Page 4 of 4