9454 matches found
PT-2016-2253 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 21.0.0.242 and earlier Description: The issue is related to errors in the code of Adobe Flash Player, which can be exploited by a remote attacker to impact the integrity, availability, and confidentiality of...
Blat 3.2.14 - Stack Overflow
Exploit for windows platform in category dos / poc 1. Vulnerable Product Version: Blat v3.2.14 Link: blat.net 2. Vulnerability Information Impact: Attacker may gain administrative access / can perform a DOS Remotely Exploitable: No Locally Exploitable: May be possible 3. Product Details An open...
Blat 3.2.14 Denial Of Service
Hi Hackers, Greetings from Vishnu @dh4wk 1. Vulnerable Product Version: Blat v3.2.14 Link: blat.net 2. Vulnerability Information Impact: Attacker may gain administrative access / can perform a DOS Remotely Exploitable: No Locally Exploitable: May be possible 3. Product Details An open source...
BookingWizz LFI / XSS / CSRF / SQL Injection
ADVISORY INFORMATION ======================================== Title: BookingWizz Default username/password: admin/pass"; PR2 - Cross Site Scripting ======================================== File : eventList.php // Improper user input validation on Line 24: $serviceID =...
Ruby pack_pack Use After Free Vulnerability
Talos Vulnerability Report TALOS-2016-0033 Ruby pack_pack Use After Free Vulnerability June 14, 2016 CVE Number CVE-2016-2338 DESCRIPTION An exploitable Use After Free vulnerability exists in the pack_pack function of Ruby. In pack_pack function each element of array which should be “pack”, based o...
Apple Mac OSX Kernel - Null Pointer Dereference in AppleMuxControl.kext
Apple Mac OSX Kernel - Null Pointer Dereference in AppleMuxControl.kext / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=783 The method AppleGraphicsControlClient::checkArguments does actually appear to test whether the pointer at this+0xd8 is non-null, but uses it anyway : We...
Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleMuxControl.kext
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=783 The method AppleGraphicsControlClient::checkArguments does actually appear to test whether the pointer at this+0xd8 is non-null, but uses it anyway : We can race external metho...
Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=782 AppleGraphicsDeviceControlClient doesn't check that its pointer to its IOService at this+0xd8 is non-null before using it in all external methods. We can set this pointer to NU...
Apple Mac OSX - Kernel Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=778 IOAccelerator external method IOAccelSharedUserClient2::page_off_resource uses the pointer at this+0x100 without checking if it's NULL. A series of dereferences from this pointer...
Apple Mac OSX Kernel - Null Pointer Dereference in IOAudioEngine
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=776 IOAudioEngineUserClient::closeClient sets the audioEngine member pointer to NULL IOReturn IOAudioEngineUserClient::closeClient audioDebugIOLog3, "+ IOAudioEngineUserClient%p::closeClient\n", this; if audioEngine && !isInactiv...
Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeF
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=784 The method nvCommandQueue::GetHandleIndex doesn't check whether this+0x5b8 is non-null before using it. We can race a call to this method with another thread calling...
League Of Legends Screensaver Unquoted Service Path Privilege Escalation
Exploit Title: League of Legends Screensaver Unquoted Service Paths Conditional Privilege Escalation. CVE-ID: NA Date: 13/04/2016 Exploit Author: Vincent Yiu Contact: [email protected] Vendor Homepage: http://www.leagueoflegends.com Software Link: screensaver.euw.leagueoflegends.com/enUS...
Buffer overflow parsing HTML5 fragments — Mozilla
Security researcher firehack reported a buffer overflow when parsing HTML5 fragments in a foreign context such as under an node. This results in a potentially exploitable crash when inserting an HTML fragment into an existing document...
Debian Security Advisory DSA 3597-1 (expat - security update)
Two related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702: It was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XML_Parse seeds the random number generator generating repeated outputs for rand calls...
AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection
ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takeover via XXE Injection Application: AfterLogic WebMail Pro ASP.NET Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected: AfterLogic WebMail...
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection
ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takeover via XXE Injection Application: AfterLogic WebMail Pro ASP.NET Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected: AfterLogic WebMail...
Missing Access Check in TYPO3 CMS
It has been discovered, that TYPO3 CMS lacks an access check for Extbase actions. Component Type: TYPO3 CMS Release Date: May 24, 2016 Vulnerable subcomponent: Extbase Vulnerability Type: Missing access check Affected Versions: Versions 4.3.0 up to 8.1.0 Severity: Critical Suggested CVSS v2.0:...
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection 1. ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takeover via XXE Injection Application: AfterLogic WebMail Pro...
CVE-2016-4558
The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference...
Adobe Flash - Out-of-Bounds Read when Placing Object
Adobe Flash - Out-of-Bounds Read when Placing Object Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=794 There is an out of bounds read when placing a corrupt image. This issue might be exploitable, depending on what is read. A PoC is attached. To reproduce issue, put both files...