Chrome: bypass for download filetype blacklist, extension->native privesc

This bug report describes a vulnerability that can be used by an extension with some permissions to escalate to native code execution on Linux desktops if Java is installed. No user interaction is required. Chrome permits extensions with appropriate permissions "downloads" and "downloads. open" t...

shopify-scripts: Memory corrouption in mrb_gc_mark

The memory corruption in mrbgcmark function can lead to code execution or at least DoS on mruby. PoC attached. Crash debug mr@minhrau $ ./mrubylatest/mruby/build/bench/bin/mruby ./mruby/fuzz03/crashes/mrbgcmark.rb Reading symbols from ./mrubylatest/mruby/build/bench/bin/mruby...done. gdb r...

UBUNTU-CVE-2016-5038

The dwarfgetmacrostartendfile function in dwarfmacro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read via a crafted string offset for .debugstr...

DEBIAN-CVE-2016-5038

The dwarfgetmacrostartendfile function in dwarfmacro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read via a crafted string offset for .debugstr...

NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission Vulnerability

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1012 DxgkDdiSubmitCommandVirtual is the function implemented by the kernel mode driver responsible for submitting a command buffer to the GPU. One of the arguments passed contains...

NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1012 DxgkDdiSubmitCommandVirtual is the function implemented by the kernel mode driver responsible for submitting a command buffer to the GPU. One of the arguments passed contains vendor specific data from the user mode driver. The...

NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission

NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1012 DxgkDdiSubmitCommandVirtual is the function implemented by the kernel mode driver responsible for submitting a command buffer to the GPU. One of the arguments...

Simple Static Malware Analyzer: SSMA

Simple Static Malware Analyzer SSMA is a simple malware analyzer written in Python 3. Features: Analyze PE file’s header and sections number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc. Searches for possible...

UBUNTU-CVE-2015-8750

libdwarf 20151114 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and crash via a debugabbrev section marked NOBITS in an ELF file...

DEBIAN-CVE-2015-8750

libdwarf 20151114 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and crash via a debugabbrev section marked NOBITS in an ELF file...

Fedora 25 : gnome-boxes (2017-fc0140d4c5)

gnome-boxes 3.22.4 release, fixing a possible security issue with storing the express installation password in clear text. - Store the user password in the keyring during an express installation. - Fix typo in debug string in vm-configurator. - Fix printf format strings in the selectiontoolbar...

shopify-scripts: SIGSEGV - mrb_vm_exec - line:1312

PoC ------------------- The following code triggers the bug attached as mrbvmexec.rb: n s s k h GC.start ObjectSpace.eachobject|obj|obj Debug - mirb ------------------- gdb r mrbvmexec.rb The program being debugged has been started already. Start it from the beginning? y or n y Starting program:...

habitation.gouv.qc.ca XSS vulnerability

Open Bug Bounty ID: OBB-211018 Description| Value ---|--- Affected Website:| habitation.gouv.qc.ca Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

ontariorvda.ca XSS vulnerability

Vulnerable URL: http://www.ontariorvda.ca/wp-content/plugins/shadowbox-js/shadowbox/player.swf?debug=alert%27openbugbounty%27 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 10857868 VIP website status:| No Check...

Pornhub: Debug.log file Exposed to Public \Full Path Disclosure\

The researcher discovered a debug log file exposing path information...

shopify-scripts: SIGSEGV - vm.c - line:1214

PoC ------------------- The following code triggers the bug attached as testmrbvmexec1214.rb: def test instanceexec do return toenum:==end ensure end test Debug - mirb ------------------- gdb r testmrbvmexec1214.rb Starting program: /home/x/Desktop/research/3fuzz/mruby/bin/mirb testmrbvmexec1214....

SUSE-SU-2017:0292-1 Security update for dbus-1

This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed: - bsc1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included: - Change the default...

Design/Logic Flaw

An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7PGKT01...

CVE-2017-5594

The Pagekit CMS

CVE-2016-6521

Cross-site request forgery CSRF vulnerability in Grails console aka Grails Debug Console and Grails Web Console 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors...