The recent commit #9c4440 introduces two vulnerabilities to libcontainer that can be exploited by an attacker with partial control over the bind mount sources of a new container.
ed408918fa162c1e37fcd4ed27b9ab361935aa46728e7fcbca4f23d94f8f25d3
There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.
c8c4ddb8248e3234cb7f686b990e44c2c471253c71a58e09d477456af6b8c3b9
Issues in DefineBitsLossless and DefineBitsLossless2 lead to the use of uninitialized memory while rendering a picture. This is caused by the return value of a zlib function not being properly checked.
396c2a8d45a861b578261ac35463e414a0c7141b924077f21e2a31daf61bcf90
Loading a weird MPD file can corrupt flash player's memory.
838fb72db8a1b4cff405ee11b823ee6860c72fe5b2122b2eea654ffdf46183a5
Use After Free in Flash AVSS.setSubscribedTags, setCuePointTags and setSubscribedTagsForBackgroundManifest can be abused to write pointers to String to freed locations.
4fd920218793a46ab9cce3ab98f7a35862ab1c6417a8854638fed40036695f51
An integer overflow while calling Function.apply can lead to entering an ActionScript function without correctly validating the supplied arguments. Chrome version 41.0.2272.101 stable with Flash version 17.0.0.134 is affected.
851dccc1f099ae9b266f4f0571a50d127e908035fc85ecbce224da0685db6067
Flash suffers from a broker-based sandbox escape.
989036efd58bbccc9c007b2a7121bd6ba170455cc7d74bc71d5f4bbe336962f7
Flash suffers from a broker-based sandbox escape.
ff44243af4b26853124e63a9869c6b81f401bc2ad222680958329a437559b8ef
Flash suffers from a broker-based sandbox escape.
32f8d2576cdd393f19c2a9cdbb6d3476d8fda0611004641c02e347365ebea2ae
The "transient array" specified in the "Type 2 Charstring format" specs but also available in Type1 fonts (originally for the purpose of facilitating Multiple Master fonts) is allocated dynamically only if the CoolType interpreter encounters an instruction which requires the presence of the array, such as "get" or "store". While allocating the array, however, the routine does not automatically clear the contents of the newly created buffer.
6ace69fba4e02dc5c9eedf369a1611909bcd055bd1c38c7a835323a1176ce061
There is an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.
f100f0c5cc96a2a407b46491520f1bce43ba7ca526f4e6c69f5887bf768c2eca
The Type1/CFF CharString interpreter code in the Adobe Type Manager Font Driver (ATMFD.DLL) Windows kernel module performs almost no verification that the operand stack is large enough to contain the required instruction operands, which can lead to up to "off-by-three" overreads and overwrites on the interpreter function stack.
51ba13f671a701f0476a89dfbec32f4088b01330862ec09c0a793c9e3d8643a0
The system call NtPowerInformation performs a check that the caller is an administrator before performing some specific power functions. The check is done in the PopUserIsAdmin function. On Windows 7 this check is bypassable because the SeTokenIsAdmin function doesn't take into account the impersonation level of the token and the rest of the code also doesn't take it into account.
8e80a5edbfcfa8ce64460f4e9edf0e6164d6af2253e064cbdbd72a18a7cc6f4a
If the fpadInfo property of a NetConnection object is a SharedObject, a use-after-free occurs when the property is deleted.
b56d353e5eaa5e4528ff1ffb7dc841c80fd0d96e3e3d63729b195cd39ca14474
Three use-after-free proof of concept exploits for Flash.
2e4eefce9ede8e949e02bc78fdf89f165e66883de32412b8f8591292e5d9a762
A use-after-free bug exists while setting the TextFilter.filters array.
31a6c05930a52b35dcd3d8092a6d0a8288bfbf9225bc353369358d98b9ab95b8
GSTOOL versions 3.0 through 4.7 contain an insecure encryption feature using the non-public CHIASMUS block cipher.
3cc88f54737c061f14999839c9225e374801d4a5b0c96665eeeb60c1ba4fac3a
GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
310262d1ded082d1ceefc52d6dad265c1decae8d84e12b5947d9b1dd193191e5
This Metasploit module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When opening a specially crafted .sms file in GSM SIM Editor, a stack-based buffer overflow occurs which allows an attacker to execute arbitrary code.
451d9fa4a2e617e48ce85c48c985cb871ef37c17216ab0ee454a7063cff0d329
These slides are from the Trustwave Global Security Report as presented at the OWASP AppSec USA 2011 conference.
5ab47429503233cf331568f72c8c9012c6a1f774e9d2d77647e5d1519521f3bc
Gsonline WebNDesign suffers from a remote SQL injection vulnerability.
6a94126456c95d4803f201fa4a79c3c0b607d72349073d5386a9f08ca90309f4
Game Servers Client version 2.00 Build 3017 suffers from a denial of service vulnerability.
8bafaef1b58fae03b23b8a5bd380a03af81a384af4e2638199592f25f97a9cd8
Game Servers Client version 2.00 Build 3017 uses IRC as the backend but fails to validate changes to a nickname.
80445d16ffe02cb047a1e223a26a3ad71167fd01c9524171970119db25b999c4
GSPlayer version 1.83a Win32 release buffer overflow exploit that spawns calc.exe.
d31c77be59d4096ab9eed9e4bd91b5e10b4b135f72c1e6ef6aa1243b4aa85cb5
GSM SIM Utility Direct RET local buffer overflow exploit. Affects version 5.15.
15de76ced43372497ecbe7c41e888d3800c73d203ba85bdcf15a693b20d9e5a9
GSM SIM Utility version 5.15 SMS file local buffer overflow exploit.
e710972b79e5000d9d3a062e7d26c8384471e96e14d3687ae2995d2771e95188