Lucene search
+L

250 matches found

Kitploit
Kitploit
added 2016/05/18 11:30 p.m.33 views

EhTrace - Tool for Tracing Execution of Binaries on Windows

Eh'Trace pronounced ATrace is a binary tracing tool for Windows. Implemented in C but has some interesting properties that may make it suitable for tracing binaries when other methods are not sufficient, in particular EhTrace does not require changes to a binary to enable traces, despite being ab...

7.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2015/03/19 11:39 a.m.13 views

Flash, Reader, Firefox and IE All Fall On First Day of Pwn2Own

Four different research teams on Wednesday cracked four products–Adobe Flash, Reader, Mozilla Firefox, and Microsoft Internet Explorer—and collectively earned a payout of $317,000 on the first day of Pwn2Own 2015. The annual hacking contest, which kicked off Wednesday in Vancouver, runs...

Exploits0References4
ThreatPost
ThreatPost
added 2015/03/19 7:0 a.m.13 views

BIOS Rootkit Implant Debuts at CanSecWest

When the National Security Agency’s ANT division catalog of surveillance tools was disclosed among the myriad of Snowden revelations, its desire to implant malware into the BIOS of targeted machines was unquestionable. While there’s little evidence of BIOS bootkits in the wild, the ANT catalog an...

0.3AI score
Exploits0References5
myhack58
myhack58
added 2015/03/19 12:0 a.m.26 views

Apple Mac OS X system is found to exist DLL hijacking vulnerability-vulnerability warning-the black bar safety net

DLL hijacking from 2 0 0 0 years has started to plague Windows systems, and now this attack also in most people's eyes“the most secureoperating system” - Apple Mac OS X appears on the. This week, Synack researcher Patrick Wardle, held in Vancouver at CanSecWest meeting made a speech, he explained...

1.5AI score
Exploits0
ThreatPost
ThreatPost
added 2015/02/24 3:4 p.m.9 views

Google Pwnium Program Now Open All Year

Google is expanding its successful Pwnium vulnerability reward program–which has run at various security conferences for a couple of years now–to run continuously and offer an unlimited pool of financial rewards. Pwnium originally was established as an alternative to the Pwn2Own hacking contest a...

7.4AI score
Exploits0References2
ThreatPost
ThreatPost
added 2015/02/02 2:44 p.m.15 views

Google Offers Bug Bounty Vulnerability Research Grants

Google last week announced that it has instituted a program for 2015 in which researchers can receive up to 3,133.70 in grant money for bug hunting. Researchers must apply for the grants, which will be an up-front award that will be paid out before a bug is submitted, Google said. “Researchers’...

0.2AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/05/14 5:46 p.m.4 views

flash-plugin: use-after-free flaw leads to arbitrary code execution

Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014...

10CVSS6.5AI score0.08486EPSS
Exploits1References5
NVD
NVD
added 2014/04/27 10:55 a.m.19 views

CVE-2014-1766

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure...

9.3CVSS7.7AI score0.33293EPSS
Exploits0References5
NVD
NVD
added 2014/04/27 10:55 a.m.19 views

CVE-2014-1764

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014...

10CVSS7.5AI score0.37373EPSS
Exploits0References6
Prion
Prion
added 2014/04/27 10:55 a.m.17 views

Memory corruption

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure...

9.3CVSS8.1AI score0.33293EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2014/04/27 10:55 a.m.19 views

Design/Logic Flaw

Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014...

7.6CVSS8.2AI score0.1565EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2014/04/27 10:55 a.m.30 views

Design/Logic Flaw

Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014...

7.5CVSS8.1AI score0.70727EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2014/04/27 10:55 a.m.16 views

Design/Logic Flaw

Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014...

10CVSS8.1AI score0.22558EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2014/04/27 10:55 a.m.20 views

Design/Logic Flaw

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014...

10CVSS8.1AI score0.37373EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2014/04/27 10:0 a.m.56 views

CVE-2014-1763

CVE-2014-1763 is a use-after-free vulnerability in Microsoft Internet Explorer 9–11 exploited via CSS handling (notably CSS @import) that could allow remote code execution. ZDI-14-217 documents a CSS memory corruption flaw in IE10/IE11/IE9, demonstrated by VUPEN during Pwn2Own 2014, with remote e...

10CVSS7.7AI score0.22558EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2014/04/27 10:0 a.m.72 views

CVE-2014-1766

CVE-2014-1766 affects Microsoft Internet Explorer 9–11. The issue enables remote code execution/memory corruption via a crafted web page, as demonstrated by researchers during Pwn2Own. The public-facing fix is MS14-035 (security update for Internet Explorer), with related patches such as KB296926...

9.3CVSS7.7AI score0.33293EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2014/04/27 10:0 a.m.24 views

CVE-2014-1766

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure...

7.6AI score0.33293EPSS
Exploits0References5
CVE
CVE
added 2014/04/27 10:0 a.m.58 views

CVE-2014-1764

CVE-2014-1764 affects Microsoft Internet Explorer 7–11. The issue is an object confusion vulnerability in the data exchanged between the broker and sandboxed processes, allowing a sandboxed process to execute code in the broker context and bypass IE Protected Mode. This can lead to remote code ex...

10CVSS7.7AI score0.37373EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2014/04/27 10:0 a.m.68 views

CVE-2014-1762

CVE-2014-1762 concerns Microsoft Internet Explorer 6–11. Public advisories describe multiple remote-code-execution vulnerabilities in IE that were demonstrated in Pwn2Own contexts and involve bypassing Protected Mode/sandbox and local trust assumptions (notably via localhost) and memory-corruptio...

7.5CVSS7.7AI score0.70727EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2014/04/27 10:0 a.m.64 views

CVE-2014-1765

CVE-2014-1765 refers to multiple use-after-free vulnerabilities in Microsoft Internet Explorer (IE) versions 6–11 that can lead to remote code execution when a user visits a malicious page or when a crafted document is opened. The ZDI advisories (ZDI-14-261 and ZDI-14-223) describe concrete use-a...

7.6CVSS7.7AI score0.1565EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder