exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

Chrome HandleTable::AddDispatchersFromTransit Integer Overflow
Posted Mar 16, 2022
Authored by Google Security Research, Glazvunov

Chrome suffers from an integer overflow vulnerability in HandleTable::AddDispatchersFromTransit that can lead to memory corruption.

tags | exploit, overflow
advisories | CVE-2022-0608
SHA-256 | 0ef0d4da3c4dc9fb06483f95973add0c92d39c6c630ce2e22e5798641135e44a

Related Files

Security Flash Player Integer Overflow In Function.apply
Posted Aug 21, 2015
Authored by Google Security Research, bilou

An integer overflow while calling Function.apply can lead to enter an ActionScript function without correctly validating the supplied arguments. Chrome version 41.0.2272.101 stable with Flash version 17.0.0.134 is affected.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-3087
SHA-256 | 851dccc1f099ae9b266f4f0571a50d127e908035fc85ecbce224da0685db6067
Flash Broker-Based Sandbox Escape Via Timing Attack Against File Moving
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3081
SHA-256 | 989036efd58bbccc9c007b2a7121bd6ba170455cc7d74bc71d5f4bbe336962f7
Flash Broker-Based Sandbox Escape Via Unexpected Directory Lock
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3083
SHA-256 | ff44243af4b26853124e63a9869c6b81f401bc2ad222680958329a437559b8ef
Flash Broker-Based Sandbox Escape Via Forward Slash Instead Of Backslash
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3082
SHA-256 | 32f8d2576cdd393f19c2a9cdbb6d3476d8fda0611004641c02e347365ebea2ae
Adobe Reader CoolType Use Of Uninitialized Memory In Transient Array
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The "transient array" specified in the "Type 2 Charstring format" specs but also available in Type1 fonts (originally for the purpose of facilitating Multiple Master fonts) is allocated dynamically only if the CoolType interpreter encounters an instruction which requires the presence of the array, such as "get" or "store". While allocating the array, however, the routine does not automatically clear the contents of the newly created buffer.

tags | advisory
systems | linux
advisories | CVE-2015-3049
SHA-256 | 6ace69fba4e02dc5c9eedf369a1611909bcd055bd1c38c7a835323a1176ce061
Flash PCRE Regex Compilation Zero-length Assertion Arbitrary Bytecode Execution
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

There is an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-3042
SHA-256 | f100f0c5cc96a2a407b46491520f1bce43ba7ca526f4e6c69f5887bf768c2eca
Windows Kernel ATMFD.DLL Off-By-X OOB Reads/Writes Relative To Operand Stack
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The Type1/CFF CharString interpreter code in the Adobe Type Manager Font Driver (ATMFD.DLL) Windows kernel module does not perform nearly any verification that the operand stack is large enough to contain the required instruction operands, which can lead to up to "off-by-three" overreads and overwrites on the interpreter function stack.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-0088
SHA-256 | 51ba13f671a701f0476a89dfbec32f4088b01330862ec09c0a793c9e3d8643a0
Windows 7 Admin Check Bypass
Posted Aug 21, 2015
Authored by Google Security Research, forshaw

The system call NtPowerInformation performs a check that the caller is an administrator before performing some specific power functions. The check is done in the PopUserIsAdmin function. On Windows 7 this check is bypassable because the SeTokenIsAdmin function doesn't take into account the impersonation level of the token and the rest of the code also doesn't take it into account.

tags | exploit
systems | linux, windows
SHA-256 | 8e80a5edbfcfa8ce64460f4e9edf0e6164d6af2253e064cbdbd72a18a7cc6f4a
Adobe Flash Out-Of-Bounds Memory Read While Parsing A Mutated SWF File
Posted Aug 20, 2015
Authored by Google Security Research, hawkes

An access violation occurs in Adobe Flash Player plugin while parsing a mutated swf file.

tags | exploit
systems | linux
advisories | CVE-2015-5132
SHA-256 | a9bceda55620d3ed4cd20aec8a272a586fc3442122decbc24a9ba59a81f9b08b
Adobe Flash Out-Of-Bounds Memory Read While Parsing A Mutated SWF File
Posted Aug 20, 2015
Authored by Google Security Research, hawkes

An access violation occurs in Adobe Flash Player plugin while parsing a mutated swf file.

tags | exploit
systems | linux
advisories | CVE-2015-5131
SHA-256 | d1b4ab4f8b0404b6ba7f6fd0ce0dddffa431bd6d447a9316b9385e81916c89f2
Adobe Flash Use-After-Free When Setting Value
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

In certain cases where a native AS2 class sets an internal atom to a value, it can lead to a use-after-free if the variable is a SharedObject.

tags | exploit
systems | linux
advisories | CVE-2015-5539
SHA-256 | 90eacb51d34198b2be5fdbf20c1cbafadb5acc055ea1efde7be967cbaf2262ef
Flash UAF With MovieClip.scrollRect In AS2
Posted Aug 20, 2015
Authored by Google Security Research, bilou

When setting the scrollRect attribute of a MovieClip in AS2 with a custom Rectangle it is possible to free the MovieClip while a reference remains in the stack.

tags | exploit
systems | linux
advisories | CVE-2015-5130
SHA-256 | 784ff7b73b5ba4aba1ac24bbe51f62d68e8c1405d60181192fb3613898562723
Flash AS2 Use After Free In DisplacementMapFilter.mapBitmap
Posted Aug 20, 2015
Authored by Google Security Research, bilou

There is a use after free in Flash caused by an improper handling of BitmapData objects in the DisplacementMapFilter.mapBitmap property.

tags | exploit
systems | linux
advisories | CVE-2015-3080
SHA-256 | 2e1c6f0cbff4d283e27bc67ff2c3d6a2f97825e1fb4b4c03692fb92493f675d7
Adobe Flash Use-After-Free When Setting Variable
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

In certain cases where a native AS2 class sets an internal variable, it can lead to a use-after-free if the variable is a SharedObject. While this example shows setting NetConnection.contentType, this applies to several other variables including many properties of the Sound and NetStream classes.

tags | exploit
systems | linux
advisories | CVE-2015-5134
SHA-256 | 988359360be0f5f9adf193f6cd3a04d83c07dd40e147fd6dcd237b7482c3bf8c
Flash Boundless Tunes Universal SOP Bypass Through ActionSctipt's Sound Object
Posted Aug 20, 2015
Authored by Google Security Research, ojakigamon

An instance of ActionScript's Sound class allows for loading and extracting for further processing any kind of external data, not only sound files. Same-origin policy doesn't apply here. Each input byte of raw data, loaded previously from given URL, is encoded by an unspecified function to the same 8 successive sample blocks of output. The sample block consists of 8 bytes (first 4 bytes for left channel and next 4 bytes for right channel). Only 2 bytes from 8 sound blocks (64 bytes) are crucial, the rest 52 bytes are useless. Each byte of input from range 0-255 has corresponding constant unsigned integer value (a result of encoding), so for decoding purposes you can use simply lookup table (cf. source code from BoundlessTunes.as).

tags | exploit
systems | linux
advisories | CVE-2015-5116
SHA-256 | fc4873a13244f4cbc031eca310103bf8bf2dd9f88a4c98659fde47aa2310d88d
NetConnection.connect Use-After-Free
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

If the fpadInfo property of a NetConnection object is a SharedObject, a use-after-free occurs when the property is deleted.

tags | exploit
systems | linux
advisories | CVE-2015-3107
SHA-256 | b56d353e5eaa5e4528ff1ffb7dc841c80fd0d96e3e3d63729b195cd39ca14474
Flash Use-After-Free In Display List Handling Round 2
Posted Aug 20, 2015
Authored by Google Security Research, external

Three use-after-free proof of concept exploits for Flash.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2015-3124
SHA-256 | 2e4eefce9ede8e949e02bc78fdf89f165e66883de32412b8f8591292e5d9a762
Flash AS2 Use After Free While Setting TextField.filters
Posted Aug 20, 2015
Authored by Google Security Research, external

A use-after-free bug exists while setting the TextFilter.filters array.

tags | exploit
systems | linux
advisories | CVE-2015-3118
SHA-256 | 31a6c05930a52b35dcd3d8092a6d0a8288bfbf9225bc353369358d98b9ab95b8
Chrome ui::AXTree::Unserialize Use-After-Free
Posted Jul 18, 2015
Authored by SkyLined

Chrome suffers from a ui::AXTree::Unserialize related use-after-free vulnerability.

tags | exploit
SHA-256 | c401c178ffecc2c543e0506717b170b45cb01c6106506bf7304ac67f0c08bfb4
Feeder.co RSS Feeder 5.2 Cross Site Scripting
Posted Oct 25, 2013
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

Feeder.co RSS Feeder version 5.2 for Chrome suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c227d9d9a4c7675cd2e18a765b40cd5955a316d3ece0b557dcc289f4c9d80f82
Google Chrome Arbitrary Extensions Detection
Posted Sep 8, 2010
Authored by Lostmon | Site lostmon.blogspot.com

Google Chrome suffers from an installed extensions arbitrary detection vulnerability.

tags | exploit, arbitrary
SHA-256 | 52da5016877181aca474a508679782a3b2ff97357ecd8b355f349ada96f2d008
Gmail Checker Plus Chrome Extension Cross Site Scripting / Cross Site Request Forgery
Posted Jun 18, 2010
Authored by Lostmon | Site lostmon.blogspot.com

Gmail Checker plus Chrome suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 36a68bd9e9fde10d7b5a7b1971af8b6237f36edee542649eae9f1bc1b13f7a19
GS1.0.0.40OfficialRelease.rar
Posted Feb 23, 2008
Authored by cDc | Site goolag.org

Goolag Scanner version 1.0. This tool has been released by the Cult of the Dead Cow to automate Google hacking using 1,500 predefined search queries.

tags | tool, scanner
systems | unix
SHA-256 | 052f30701a3f98d4097362ef486c4e09cecdf65778832bd34781b2d744896d38
GS07-02.txt
Posted Oct 25, 2007
Authored by Fatih Ozavci, Caglar Cakici | Site gamasec.net

The RSA KEON Registration Authority Web Interface suffers from multiple cross site scripting vulnerabilities. Version 1.0 is susceptible.

tags | advisory, web, vulnerability, xss
SHA-256 | 26c310be669771da1384f9cf1a2df0bcb062948b01a68a3476d898341ac35511
GS07-01.txt
Posted May 17, 2007
Authored by Fatih Ozavci, Caglar Cakici | Site gamasec.net

Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious content to bypass HTTP content scanning systems. Systems affected include Checkpoint Web Intelligence and IBM ISS Proventia Series systems.

tags | advisory, web
SHA-256 | ed7d99c4b0c8cf924026804e5a72dd264e34e794211f2f18d66d3c41fdd46077
Page 4 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close