26 matches found
Wasmtime 缓冲区错误漏洞
Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. Wasmtime suffers from a buffer error vulnerability that stems from the code generator's address pattern calculation incorrectly calculating valid addresses, which can be exploited by an...
GHSA-XWQR-XMGG-J69Q Integer overflow in solana_rbpf
From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.stvalue is read directly from ELF file without checking. If the sym.stvalue is rather large, an integer overflow is triggered while calculating the variable "addr"...
Microsoft Office 内存损坏漏洞(CVE-2015-1641)
来源: http://drops.wooyun.org/papers/9809 Microsoft Office 内存损坏漏洞 0x01 漏洞概述 今年4月份微软修补了一个名为CVE-2015-1641的word类型混淆漏洞,攻击者可以构造嵌入了docx的rtf文档进行攻击。word在解析docx文档处理displacedByCustomXML属性时未对customXML对象进行验证,可以传入其他标签对象进行处理,造成类型混淆,导致任意内存写入,最终经过精心构造的标签以及对应的属性值可以造成远程任意代码执行。 根据微软官方MS15-33安全公告里显示,这个漏洞覆盖Office 2007...
Microsoft DIA SDK msdia.dll Memory Corruption Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Debug Interface Access SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SHOUTcast DNAS/Linux 1.9.4 Format String Remote Exploit
No description provided by source. / SHOUTcast DNAS/Linux v1.9.4 format string remote exploit / / Damian Put [email protected] Cyber-Crime Team www.CC-Team.org / / Tested on slackware 9.1 and 10.0 0xbf3feee0 / / When exploit only crash SHOUTcast we should calculate new address: / / / / bash-2.05b...
gnome_segv - Local Buffer Overflow
/ gnomesegv local buffer overflow. Author: Cody Tubbs loophole of hhp. www.hhp-programming.net / [email protected] 12/9/2000 This exploit was coded at overfiens in cali. Shouts to overfien and skeptik... h00t h00t. Bug found by skeptik. Tested on SuSE 6.4/2.2.14 non sid by default, p.o.e. only. ...