Lucene search
K

129 matches found

ThreatPost
ThreatPost
added 2018/06/01 9:24 p.m.12 views

Researchers Warn of Microsoft Zero-Day RCE Bug

Researchers have discovered a medium-severity Windows vulnerability that enables remote attackers to execute arbitrary code – and Microsoft hasn’t issued a patch yet. The flaw, which was first discovered by Dmitri Kaslov of Telspace Systems, exists within the handling of error objects in JScript,...

0.8AI score
Exploits0References2
CVE
CVE
added 2018/03/13 3:0 p.m.109 views

CVE-2018-1000085

ClamAV (v0.99.3) contains an out-of-bounds heap memory read in the XAR parser’s xar_hash_check function, which can cause a memory leak and denial of service when scanning a crafted XAR file. Public advisories indicate the issue was fixed in upstream with the release of 0.99.4 (and related distro ...

5.5CVSS6.2AI score0.0167EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2018/02/27 12:0 a.m.26 views

CVE-2018-1000085

ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xarhashcheck that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This...

5.5CVSS6.7AI score0.0167EPSS
Exploits0References4
Hacker One
Hacker One
added 2018/02/16 7:30 p.m.32 views

Rockstar Games: SocialClub's Facebook OAuth Theft through Warehouse XSS.

In this report, the researcher was able to chain together 3 separate, minor bugs to create an exploit that was greater than the sum of its parts. This exploit could have potentially allowed attackers to steal OAuth tokens from users. The exploit chain involved taking advantage of our SSO between...

2.6AI score
Exploits0
Metasploit
Metasploit
added 2018/01/29 1:13 a.m.79 views

MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution

This module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec command execution is done. Exploits a type confusion betwee...

8.8CVSS7.1AI score0.99693EPSS
Exploits52
GithubExploit
GithubExploit
added 2018/01/17 5:26 p.m.29 views

Exploit for Observable Discrepancy in Intel Atom_C

CiscoSpectreTakeover A PoC chain exploit using the recent...

9CVSS7.5AI score0.93838EPSS
Exploits19
GoogleProjectZero
GoogleProjectZero
added 2015/11/02 12:0 a.m.29 views

Hack The Galaxy: Hunting Bugs in the Samsung Galaxy S6 Edge

Posted by Natalie Silvanovich, Planner of Bug Bashes Recently, Project Zero researched a popular Android phone, the Samsung Galaxy S6 Edge. We discovered and reported 11 high-impact security issues as a result. This post discusses our motivations behind the research, our approach in looking for...

8.8CVSS7.8AI score0.08852EPSS
Exploits10
GoogleProjectZero
GoogleProjectZero
added 2015/06/19 12:0 a.m.31 views

Owning Internet Printing - A Case Study in Modern Software Exploitation

Guest posted by Neel Mehta [email protected] - June 19th, 2015 Abstract Modern exploit mitigations draw attackers into a game of diminishing marginal returns. With each additional mitigation added, a subset of software bugs become unexploitable, and others become difficult to exploit, requiring...

10CVSS7AI score0.29913EPSS
Exploits9
securityvulns
securityvulns
added 2010/12/28 12:0 a.m.22500 views

Multiple Vulnerabilities in OpenClassifieds 1.7.0.3

I understand that this is a vain hope that bugtraq will start posting something useful. Author:Michael Brooks Rookbr Application:OpenClassifieds 1.7.0.3br download: http://open-classifieds.com/download/br Exploit chain:captcha bypass-sqliinsert-persistant xss on front pagebr If registration is...

8.1AI score
Exploits0
Rows per page
Query Builder